A spambot system used to covertly collect passwords and details about hundreds of millions of internet users has itself been compromised, giving an insight into the enormous scale of password harvesting being conducted by malicious hackers and cyber attackers.
The spambot system used illicit means to circumvent explicit consents normally required to gain access to a user's details, email address, computer configuration and in some cases passwords. The General Data Protection Regulation and the upcoming changes to the Data Protection Act would make businesses liable for loss of such data if they have failed to secure themselves and their customers appropriately.
These details and the enormous databases of users they represent can be repurposed to attack other legitimate accounts using a technique called 'password stuffing' - an unfortunate side effect of internet users failing to use unique passwords per internet service.
Password stuffing means that if you use the same password on, for example, Facebook and your Uber account, the attackers may be able to compromise each of those accounts, and others you use, by iteratively trying every password and email address in the database on every common internet service.
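From the defending service's side, password stuffing shows up in login logs as one source trying many different accounts a small number of times each, with most attempts failing. The following sketch is an added example, not taken from the original article; the log format, the sample lines and the thresholds are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample login log: timestamp, source IP, account, result.
SAMPLE_LOG = """\
2024-01-01T10:00:01 203.0.113.7 alice@example.com FAIL
2024-01-01T10:00:02 203.0.113.7 bob@example.com FAIL
2024-01-01T10:00:03 203.0.113.7 carol@example.com OK
2024-01-01T10:00:04 203.0.113.7 dave@example.com FAIL
2024-01-01T10:00:05 203.0.113.7 erin@example.com FAIL
2024-01-01T10:00:06 203.0.113.7 frank@example.com FAIL
2024-01-01T10:02:10 198.51.100.4 grace@example.com FAIL
2024-01-01T10:02:25 198.51.100.4 grace@example.com OK
2024-01-01T10:05:00 192.0.2.9 heidi@example.com FAIL
2024-01-01T10:05:01 192.0.2.9 heidi@example.com FAIL
2024-01-01T10:05:02 192.0.2.9 heidi@example.com FAIL
"""

def parse(log):
    """Yield (source, account, succeeded) for each log line."""
    for line in log.strip().splitlines():
        _ts, src, account, result = line.split()
        yield src, account, result == "OK"

def flag_stuffing(log, min_accounts=5, max_tries_per_account=2, max_success_ratio=0.2):
    """Return sources whose login pattern matches password stuffing."""
    attempts = defaultdict(list)
    for src, account, ok in parse(log):
        attempts[src].append((account, ok))
    flagged = {}
    for src, rows in attempts.items():
        accounts = {a for a, _ in rows}
        success_ratio = sum(ok for _, ok in rows) / len(rows)
        # Stuffing: many accounts, few tries on each, mostly failures.
        # A mistyped password or a guessing run hits only one account.
        if (len(accounts) >= min_accounts
                and len(rows) / len(accounts) <= max_tries_per_account
                and success_ratio <= max_success_ratio):
            flagged[src] = {
                "accounts": len(accounts),
                "attempts": len(rows),
                # Logins that succeeded from a flagged source used a reused password.
                "reset_passwords": sorted(a for a, ok in rows if ok),
            }
    return flagged

if __name__ == "__main__":
    print(flag_stuffing(SAMPLE_LOG))
```

Accounts listed under `reset_passwords` are the ones where a leaked email and password pair worked, so they are the first candidates for a forced password change.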
Although this database is another weapon in the arsenal of tools used by hackers and sophisticated cyber criminals, there are many easy ways to keep yourself and your businesses safe on the internet.
Stay safe and prudent online and ensure you are investing in effective training and cyber security to keep your business out of the headlines for the wrong reasons!
A broken spambot has made the details available on the internet, potentially endangering anyone contained within it. And it also includes passwords, meaning that some people’s accounts may now be compromised. But despite the fact that 711 million addresses are contained within the dump – enough to give one each for every man, woman and child in Europe – it’s unlikely that each belongs to a real person.