Change Your Password: Massive Spambot Dump Leaks Over 700 Million Private Email Addresses
A security researcher in Paris who goes by "Benkow" is spreading the word on what he found, which is an open web server hosted in the Netherlands storing dozens of text files containing email addresses, passwords, and email servers used to send spam.
Spammer's have been using those credentials for a massive malware campaign. And because these are legitimate email servers that they have access to, they are able to scoot right on past spam filters that would normally nix such an operation.
Processing the largest list of data ever seen in @haveibeenpwned courtesy of a nasty spambot. I'm in there, you probably are too.— Troy Hunt (@troyhunt) August 28, 2017
Though it seems rather simple, spamming is still a popular and effective means of spreading malware. Spammers have to contend with increasingly sophisticated email filters, but Onliner itself is rather sophisticated and able to bypass spam filters.
"Indeed, to send spam, the attacker needs a huge list of SMTP credentials. To do so, there are only two options: create it or buy it. And it's the same as for the IPs: the more SMTP servers he can find, the more he can distribute the campaign," Benkow explains.
Benkow says the spammer(s) responsible dug through the contents of other security breaches, such as the LinkedIn hack and other sources.
Bottom line? If you have not done so recently, it would be a good idea to go and change your passwords, and then get in the habit of changing them periodically.