An unsecured server owned by spammers based in the Netherlands has been found to contain over 700 million email addresses and passwords.
Millions of such email addresses are being used by spammers to spread spam emails to the rest of the population.
Security experts recently got their hands on a hacker's gold mine when they accessed a server based in the Netherlands and used by professional spammers. Data downloaded from the unsecured server contained as many as 711 million email addresses and passwords, which security expert Troy Hunt describes as 'almost one address for every single man, woman, and child in all of Europe'.
Although it may seem that the spammers obtained almost every email address and password belonging to European citizens, the actual damage could be smaller, considering that a lot of the email addresses were duplicates and some were found to be fake or malformed.
Spammers often maintain large databases of email addresses and other contact information belonging to the people they flood with spam messages and emails. While most such databases are secured by spammers to avoid detection, a few unsecured ones, like the one in the Netherlands, often end up revealing their game.
Troy Hunt, a security researcher and owner of the Have I Been Pwned? website, said that while large numbers of email addresses in the database are fake, passwords found in the database were also taken from previous leaks like the LinkedIn data breach last year or the 4.2 million passwords stolen from Exploit.in.
Earlier this year, a database owned by spammers leaked as many as 1.37 billion email addresses along with names, IP addresses and physical addresses belonging to citizens. Unearthed by security firm MacKeeper, the database was being used by marketing firm River City Media to send over a billion messages and emails per day across the world.
Commenting on the recent leak, Matt Kaplan, GM at LastPass, says that even if spammers are able to obtain your email address from various sources, you can still ensure that they cannot hack into your account if you turn on two-factor authentication and also use a password manager.
'Your email address is the username for most of your online accounts so it’s crucial to protect it like your identity depends on it. Using unique passwords for all your online accounts will ensure that if your email, or password, is leaked in a breach like this one, they can’t be used by hackers to get into any of your other accounts,' he says.
'If your email service offers it, be sure to turn on two-factor authentication, so that an extra code or text message is required whenever you’re logging in from a new location. That way, even a compromised password won’t allow access to your email account,' he adds.