1

12.5 million Australian email accounts have been leaked online

The email accounts of 711 million people have been published online, including those of 12.5 million Australians. It is suspected that this is related to a LinkedIn data breach from 2012, and potentially an earlier Facebook phishing campaign.

According to StaySmartOnline, “The personal data has been dumped on a server called Onliner Spambot, which since 2016 has been used to spread malware to steal banking details, and infect people’s computers so they send out viruses and spam (unwanted emails).”

 

What does this data breach mean?

There are two types of data on the Onliner Spambot server. The first is email addresses only. Since this is only email addresses and not passwords, no malicious emails can be sent from these emails, however, malicious emails can be sent to these email addresses. For example, an email was sent from this server appearing to come from Roads and Maritime in NSW around E-tags for paying tolls and included a malicious link. This email was not actually from the source it claimed to be, but did seem to be legitimate. In this example, the link went to a bogus website where customers could pay, but malicious links can take many forms.

The second type of data on the server is both email addresses and passwords. This means that malicious emails can come from your email address to others. By having access to legitimate email addresses from legitimate mail servers, these malicious emails look genuine and can bypass anti-junk measures.

 

How to check if you email has been Compromised

To find out if your email address has been published in a data breach from this, or any other breach, go to the trusted site HaveIBeenPwned and follow the prompts.

 

How to protect yourself

If you find that your email has been breached, or want to take extra precautions, we recommend changing your password immediately.

Since this breach can send malicious emails to recipients, now is a good time to be especially wary of suspicious looking emails. Read our recent article on fake emails to learn more about how to differentiate between suspicious and legitimate emails.

In general, we recommend that you change your passwords regularly. You should also use extreme caution online, and always be sure that you know the sender. Keep in mind that criminals may gather personal information from your social media accounts so that the emails seem more realistic or relevant. If you’re not sure if an email is suspicious or not, err on the side of caution.