The majority of the passwords appear to have been collected from previous leaks: one set reflects the 164 million stolen from LinkedIn in May 2016, while another set reflects 4.2 million of the ones stolen from Exploit.In, another pre-existing database of stolen passwords.
Nevertheless, according to data breach experts, the number of real humans’ contact details contained in the dump is likely to be lower, however, due to the number of fake, malformed and repeated email addresses contained in the dataset.
The data was available because the spammers failed to secure one of their servers, allowing any visitor to download many gigabytes of information without needing any credentials, according to The Guardian. Furthermore, there are also millions of passwords contained in the breach, apparently a result of the spammers collecting information in an attempt to break in to users’ email accounts and send spam under their names, the publication continues.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now