A spambot computer program, which collects email addresses to send out spam messages to consumers, has exposed 711 million email addresses and a number of passwords.
NBC News reported that the data breach occurred because spammers neglected to secure their servers, allowing the information to be accessed and downloaded without credentials.
The spambot sends out spam messages for everything from weight loss pills to those Nigerian prince emails. Security researcher Troy Hunt said it was the largest set of data he has ever uploaded to his site, Have I Been Pwned?, which allows people to enter their email address or username to see if they have been compromised.
“Just for a sense of scale, that’s almost one address for every single man, woman and child in all of Europe,” Hunt wrote.
Not every email address included in the data breach came with a password, and those that did seem to be from previous leaks, including the LinkedIn breach from 2012. That data appeared for sale on the dark web in May 2016. And while the size of the breach is unprecedented, security experts say that not all of the email addresses appear to be valid. In fact, Hunt said many appear to be incorrectly scraped from the public internet or guessed, so the number of people affected by the breach is probably much less than 711 million.
Still, it’s a reminder to make sure you’re taking smart cybersecurity steps, such as having a strong, different password for every account and an up-to-date antivirus system on your computer.
“And be suspicious of any email you don’t expect,” said Matthew Gardiner, a cybersecurity strategist at Mimecast, an email security company.