Hundreds of millions of email addresses and some passwords have been leaked onto the internet, in probably the biggest dump ever.A broken spambot has made the details available on the internet, potentially endangering anyone contained within it. And it also includes passwords, meaning that some people’s accounts may now be compromised.
As well as the addresses, the dump also contains millions of passwords for some of those same email addresses. But Mr Hunt, who runs the website Have I Been Pwned, said that they appeared to have been taken from other password dumps, like that from LinkedIn, meaning that most people were already exposed to those security problems.
There’s no way of knowing where the data, which is probably compiled from a variety of sources, actually came from. The dump includes a range of addresses from different sources, many of which are fake but some of which are entirely real.
“I have no idea how this service got mine, but even for me with all the data I see doing what I do, there was still a moment where I went ‘ah, this helps explain all the spam I get’,” he continued.
“And that’s the unfortunate reality for all of us: our email addresses are a simple commodity that’s shared and traded with reckless abandon, used by unscrupulous parties to bombard us with everything from Viagra offers to promises of Nigerian prince wealth. That, unfortunately, is life on the web today.”
All of the addresses, as well as data from a range of other dumps, are now contained in the Have I Been Pwned database, which can be searched to find out whether any person was caught up in the data.