If You Have One of These 711 Million Email Addresses, You Need to Change Your Password Immediately

Chances are, one of them is yours.

emailRawpixel.com/ShutterstockThere’s the average online scam, and then there’s the hacker with a list of 711 million e-mail addresses. That number alone is enough to send chills down anyone’s spine. And unfortunately, the odds are high that your e-mail’s password has been compromised, and one of those accounts is yours. (Here’s why your password is weak, and what to do about it.)

A security researcher called Benkow recently uncovered a list of 711 million email accounts stored on an “open and accessible” server in the Netherlands, ZDNet reported. Apparently, an unknown hacker has been using the addresses to send large amounts of spam, as well as harmful malware, via e-mail. Using legitimate accounts allows the e-mails to bypass spam filters, experts say.

There’s some good news, though—and e-mail users everywhere, you can breathe a little easier. Fortunately, “whilst the ‘711 million’ headline is technically accurate, the number of real humans in the data is going to be somewhat less,” said Troy Hunt, Microsoft regional director and creator of the anti-hacker website Have I Been Pwned. Still, Hunt called the list “mind-boggling.”

“Just for a sense of scale, that’s almost one address for every single man, woman, and child in all of Europe,” he wrote in a blog post.

The spam e-mails appear to contain a small, nearly invisible GIF. If a user opens the e-mail, Benkow wrote, “a request with your IP and your User-Agent will be sent to the server that hosts the GIF. With these information, the spammer is able to know when you have opened the email, from where and on which device.”

Opening the e-mail puts your account on the list of those who will likely receive second emails containing malware. Bottom line: You should never, ever open spam e-mails. Here’s how to avoid these common online scams, too.

Wondering if your account has been compromised? It only takes a few seconds to find out. Simply type your e-mail address into the search bar at Have I Been Pwned, and the website will tell you if your account has been breached. If your e-mail is on the list, fear not; just make a new password. And when you do, this website can help you make a foolproof password to protect you from hackers in the future.

[Sources: Gizmodo, Manchester Evening News, ZDNet]

Brooke Nelson
Brooke is a tech and consumer products writer covering the latest in digital trends, product reviews, security and privacy, and other news and features for RD.com.