In one of the largest single data sets of emails yet discovered, computer security experts have come across a spam list containing a pretty extraordinary 711 million email addresses. Initially uncovered by the Paris-based security researcher known as Benkow, it contains two separate troves of data, one simply of email addresses, while the second more serious set contains addresses and passwords.
The important thing to do now is to stick your email into haveibeenpwned.com to see if yours is one of the unlucky 700 million address that has been harvested, or one of the even more unfortunate souls to have also had their passwords picked too.
The site is run by a computer security expert Troy Hunt, who is the one who first got his hands on the mega list after Benkow sent it to him, and subsequently uploaded it. As he writes on his website, this is the largest single data set he has ever loaded into Have I Been Pwned, and that “for a sense of scale, that's almost one address for every single man, woman, and child in all of Europe.”
The data was harvested by a machine known only as “Onliner Spambot”, which pointed Hunt and Benkow to an IP address listed in the Netherlands, though Hunt stresses that he won’t publish this bit for fear of spreading the data further.
While law enforcement has been notified in an attempt to get it shut down, that doesn’t seem to have happened yet. So, as I’m sure you don’t need telling again, you should really check whether or not your email is on the list, and, more importantly, if they have your password too.
If you find that it has been hoovered up, then by now we should all know what to do. But I’m going to tell you anyway. Change the password. This goes not only for the email address in question, but also for any other websites that you may have used that password for. We all know that this is a total pain in the ass, but if someone had made a copy of your house key, you’d sure as hell get the locks changed.