Sunday, January 28, 2018

How should security teams handle the Onliner spambot leak?

A list of 711 million records stolen by the Onliner spambot was recently discovered, and the sheer size of this data set is staggering. To put things into perspective: the United States has only 323 million people. Even if every person in America were on this list, they would make up only half of it.

The data that the Onliner spambot stole was given to security researcher Troy Hunt, who then imported the entire list into his site, Have I been pwned? The site maintains a searchable database of email addresses and usernames that have shown up following today's largest breaches, such as those at LinkedIn, Adobe and Myspace.

It is worth checking for yourself whether your email addresses or usernames have been compromised in these breaches. When you submit an email address or username, the site queries its aggregated list of dumped credentials and tells you whether you were part of it. If your credentials are found in the aggregated list, you should reset the passwords for those accounts immediately.

Organizations can also be notified when a user account on their domain has been caught in a data breach. Once an enterprise has submitted its domain name to the site and completed the verification process, an email is sent each time an email address with that domain is found in a data breach that's within the Have I been pwned? database.

In addition to changing passwords as soon as possible, users should determine whether they are reusing the hacked password on any other sites. If so, those passwords should be changed as well, since we've seen attackers take credentials from breaches like these and try them on other sites in the hope that they are the same.

Users who reuse their credentials should start using password vaults to store passwords, as this is an easier way to manage multiple complex passwords for different accounts. Likewise, users should use some form of multifactor authentication on their accounts to limit the effect of massive breaches, as attackers won't have the second form of authentication. Even though the credentials would still be public, the second factor would not be within these lists, thus acting as a stopgap that limits attackers from using these accounts.
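The sketch below is an added example, not part of the original article: it triages a list of breached addresses for a verified domain against a user directory and picks the response recommended above (password reset, plus multifactor enrollment where it is missing). The `Account` fields, the action labels, the `+tag` normalization and all sample data are assumptions constructed for illustration; the input is a plain address list, not the format of any Have I been pwned? notification.

```python
from dataclasses import dataclass

@dataclass
class Account:
    user: str
    addresses: tuple      # primary address plus aliases
    mfa_enabled: bool
    active: bool = True

def normalize(addr: str) -> str:
    """Lowercase and trim; drop a +tag so alice+news@ maps to alice@."""
    local, _, domain = addr.strip().lower().rpartition("@")
    return f"{local.split('+', 1)[0]}@{domain}"

def triage(breached, directory, domain):
    """Map breached addresses to accounts and choose a response per account."""
    index = {normalize(a): acct for acct in directory for a in acct.addresses}
    actions, unmatched = {}, []
    for raw in breached:
        addr = normalize(raw)
        if not addr.endswith("@" + domain):
            continue                      # outside the verified domain
        acct = index.get(addr)
        if acct is None:
            unmatched.append(addr)        # former staff, shared mailbox or typo
        elif not acct.active:
            actions[acct.user] = "confirm-disabled"
        elif acct.mfa_enabled:
            actions[acct.user] = "reset-password"
        else:
            actions[acct.user] = "reset-password+enroll-mfa"
    return actions, sorted(set(unmatched))

# Constructed sample data (hypothetical users on a placeholder domain).
DIRECTORY = [
    Account("alice", ("alice@example.com", "a.smith@example.com"), True),
    Account("bob", ("bob@example.com",), False),
    Account("carol", ("carol@example.com",), True, active=False),
]
BREACHED = ["Alice+lists@Example.com", "bob@example.com", "carol@example.com",
            "old.intern@example.com", "someone@other.test", "a.smith@example.com"]

if __name__ == "__main__":
    actions, unmatched = triage(BREACHED, DIRECTORY, "example.com")
    for user, action in sorted(actions.items()):
        print(f"{user}: {action}")
    print("review manually:", unmatched)
```

Addresses that match no directory entry are returned separately so that someone can check whether they belong to a departed user or a shared mailbox rather than being silently dropped.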

Using Have I been pwned? to increase your situational awareness of current major breaches, such as the Onliner spambot leak, is an added way to keep yourself and your organization safe. Similarly, enforcing multifactor authentication and eliminating credential reuse can go a long way toward helping you stay safe.

My article at:



  2. Nice tool to learn if you've been hacked, or be hacked...


  3. I always appreciated your work, your creation is definitely unique. Great job
    rasmussen student portal

  5. the globe which have already been working and receiving. do my assignment paper great grades by the assignment composing services of assignments that are a lot of assistance suppliers.

  6. I blog often and I truly appreciate your content.
    Feel free to visit my blog :

  7. Hey! I work in computer technology, so thanks for the interesting question. You can find this information on this site.