A spambot system used to covertly collect passwords and details about hundreds of millions of internet users has itself been compromised, giving an insight into the enormous scale of password harvesting being conducted by malicious hackers and cyber attackers.


The spambot system used illicit means to circumvent explicit consents normally required to gain access to a user's details, email address, computer configuration and in some cases passwords. The General Data Protection Regulation and the upcoming changes to the Data Protection Act would make businesses liable for loss of such data if they have failed to secure themselves and their customers appropriately.


These details and the enormous databases of users they represent can be repurposed to attack other legitimate accounts using a technique called 'password stuffing' - an unfortunate side effect of internet users failing to use unique passwords per internet service.


Password stuffing means that if you use the same password for example on Facebook and for your Uber account, the attackers may be able to compromise each of those accounts and others you use by iteratively trying every password and email address in the database on every common internet service.


Atlthough this database is another weapon in the arsenal of tools used by hackers and sophisticated cyber criminals, there are many easy ways to keep yourself and your businesses safe on the internet.


Stay safe and prudent online and ensure you are investing in effective training and cyber security to keep your business out of the headlines for the wrong reasons!