A spampot containing a massive list of 711 million records including email addresses, email and password combinations, and SMTP credentials and configuration files were found. The spambot is called Onliner and has been around since 2016. The spampot is also best known for spreading the Ursnif banking Trojan. A security researcher found an open directory in an Onliner server hosted in the Netherlands and that was able to grab more than 50 GB of data likely called from the multitude of breaches and data dumps reported last year. According to the researcher, the server was still up and running and law enforcement had been notified.
The researcher found 80 million credentials among the data, though he added it is near impossible to determine where they all came from. He was able to determine that about two million came from a Facebook phishing campaign. More than one billion records containing personal information, including email addresses, were exposed in 2016 alone as a rash of leaked data from numerous breaches were put up for sale or made available to the public.
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street