Light Dark
September 1, 2017 By Mark Samuels 2 min read

A malware researcher recently uncovered a spamming operation that led to a massive data breach of more than 711 million email addresses.

Paris-based security expert Benkow found an open and accessible web server that was hosted on a spambot in the Netherlands. According to Benkow’s blog post, the server, known as Onliner, has been used to distribute spam and Trojans.

Inside the Spamming Operation

The Onliner web server is home to a range of text files that contain batches of email addresses and passwords. These credentials are the keys to success for the spamming operation, which aims to circumnavigate spam filters by distributing email via authentic servers.

Onliner is being used to push the Ursnif banking malware to inboxes around the world. The Ursnif Trojan provides a means for fraudsters to collect sensitive data, including usernames, passwords and credit card information.

According to the BBC, the spamming operation appears to be the biggest of its kind ever found. The potential ramifications are also significant: Benkow told ZDNet that the distribution of the Ursnif Trojan has led to over 100,000 unique infections globally.

What Information Was Exposed?

About 80 million valid credentials were discovered in the online directory, according to the researcher’s blog. These legitimate email addresses — and their servers — allowed attackers to bypass antispam measures and send spam to the remaining 630 million accounts.

The list includes email addresses that seem to have been taken from other data breaches, such as those associated with LinkedIn, MySpace and Dropbox, The Hacker News reported. Benkow also found a list of almost 2 million email addresses that appeared to stem from a Facebook phishing campaign.

In a blog post, technology expert Troy Hunt noted the size of the data breach. Hunt, who runs the breach notification site Have I Been Pwned?, said the “mind-boggling amount of data” is the largest he has ever uploaded to his service. He noted that the 711 million records are almost the equivalent of an email address for every man, woman and child in Europe.

Reducing the Risk of a Data Breach

The origins of Onliner remain unclear, but the potential risk is obvious. The database is stored without any access controls, meaning the data is publicly available to anyone without the use of a password.

Individuals can use Have I Been Pwned? to check whether their email address is included in the service records. Affected individuals should change passwords for their email addresses and all other accounts that use a similar string, reported Graham Cluley. Users can also protect their accounts with two-factor authentication when the option is available.

The risk of data exposure is rising. More than 6 billion records were exposed through 2,227 publicly disclosed data breaches in the first half of 2017, according to research from Risk Based Security. The number of records exposed during the first half of this year is already higher than the previous all-time high at the end of 2016.

While users must act cautiously, IT managers and security experts should work to reduce the risk of a data breach. Malware researchers need to spend more time investigating the creation and distribution of spambots. He pointed to the high level of creativity and the potential interaction with other areas of cybercrime.

 |  |  |  |  |  |  | 
Mark Samuels
Tech Journalist

More from

January 30, 2025

When ransomware kills: Attacks on healthcare facilities

4 min read - As ransomware attacks continue to escalate, their toll is often measured in data loss and financial strain. But what about the loss of human life? Nowhere is the ransomware threat more acute than in the healthcare sector, where patients’ lives are literally on the line.Since 2015, there has been a staggering increase in ransomware attacks on healthcare facilities. And the impacts are severe: Diverted emergency services, delayed critical treatments and even fatalities. Meanwhile, the pledge some ransomware groups made during…

January 29, 2025

AI and cloud vulnerabilities aren’t the only threats facing CISOs today

6 min read - With cloud infrastructure and, more recently, artificial intelligence (AI) systems becoming prime targets for attackers, security leaders are laser-focused on defending these high-profile areas. They’re right to do so, too, as cyber criminals turn to new and emerging technologies to launch and scale ever more sophisticated attacks.However, this heightened attention to emerging threats makes it easy to overlook traditional attack vectors, such as human-driven social engineering and vulnerabilities in physical security.As adversaries exploit an ever-wider range of potential entry points…

January 28, 2025

4 trends in software supply chain security

4 min read - Some of the biggest and most infamous cyberattacks of the past decade were caused by a security breakdown in the software supply chain. SolarWinds was probably the most well-known, but it was not alone. Incidents against companies like Equifax and tools like MOVEit also wreaked havoc for organizations and customers whose sensitive information was compromised.Expect to see more software supply chain attacks moving forward. According to ReversingLabs' The State of Software Supply Chain Security 2024 study, attacks against the software…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2025 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature