ShellCodeX Breach Report
Onliner Spambot Data Breach
Verified breach
Spam list
Passwords exposed
Accounts exposed
711,477,622
Breach date
28 Aug 2017
Added to tracker
29 Aug 2017
Data classes
2
What happened
In August 2017, a spambot by the name of Onliner Spambot was identified by security researcher Benkow moʞuƎq. The malicious software contained a server-based component located on an IP address in the Netherlands which exposed a large number of files containing personal information. In total, there were 711 million unique email addresses, many of which were also accompanied by corresponding passwords. A full write-up on what data was found is in the blog post titled Inside the Massive 711 Million Record Onliner Spambot Dump.
Exposed data
Email addresses
Passwords
Recommended actions
- Change your Onliner Spambot password immediately, and update it anywhere you reused the same password.
- Enable two-factor authentication on the affected account and on your critical services (email, banking).
- Watch for targeted phishing emails referencing Onliner Spambot — attackers weaponise breach data quickly.
- Check whether your email address appears in this breach on haveibeenpwned.com.
Am I affected?
Check whether your email address appears in this breach.
Check on HIBP