Opening emails alerted spambot to functioning accounts.

A Paris-based security researcher just made an unprecedented discovery: the largest database of stolen email addresses to date. With more than 711 million separate emails, it’s certainly one for the history books.

The security expert, who goes by the name Benkow, explains the process of his discovery in this blog post, as well as what spammers would do with the info and why they wanted it in the first place. Essentially, it’s a treasure trove of emails to use when flooding individuals with spam, an especially valuable tool in implementing ransomware attacks. At the same time, emails with stolen login credentials are also valuable for spear phishing campaigns and spoofing.

Giant spambot scooped up 711 million email addresses

The scale of the scheme appears to make it the biggest find of its kind.


Value behind the data

Benkow’s detailed explanation of the value behind the data contains another explanation that might be less familiar to casual, every day email users. Just by opening the spam email (and presumably reading the tragic plight of the Nigerian prince/lovelorn potential soulmate/Bank of Kenya employee who needs your help), you’re actually alerting the spambot that your email is a functioning account.

Hidden 1×1 gif

“If you look at the email you will see that inside this random spam, there is a hidden 1×1 gif. This method is well known in the marketing industry. Indeed, when you open this random spam, a request with your IP and your User-Agent will be sent to the server that hosts the gif. With these information, the spammer is able to know when you have opened the email, from where and on which device (Iphone ? Outlook?…). At the same time, the request also allows the attacker to know that the email is valid and people actually open spams.”

To find out if your email address was included in the massive dumpster of info, check out This specific spambot file will be mentioned with the August 2017 date. Regardless of this incident, it’s a good idea to check out the pwned site from time to time for updates on where your data may have been nabbed, and to change your account passwords routinely for good measure.

Safeguard your data – download the latest security and anti-malware software now!