Due to the recent email spambot harvesting of usernames and passwords: an archive containing more than 630 million email addresses used by 'Onliner Spambot' has been published online. It contains a vast number of email addresses, along with millions of SMTP credentials (passwords). http://securityaffairs.co/wordpress/62494/data-breach/onliner-spambot.html
What can you do?
I recommend that you take the following steps to check all the users of your email domains.
First, you need to make an account of security@"youremaildomain.org/com". Make sure that security@youremaildomain can receive outside emails.
Then go to: https://haveibeenpwned.com/DomainSearch
Put in your email domain name. Make sure the "subscribe me" button is checked.
Put in security@youremaildomain. It must be security@youremaildomain, not a personal emailname@youremaildomain (there are other options but I am keeping it simple here; security@youremaildomain works).
It will then take you to a page where you pick which address to send yourself a verification email to. The choices are:
hostmaster@....
Security@......
webmaster@....
For this time use security@youremaildomain. Click "send verification". A popup window will wait for you to enter your verification code.
You will receive an email with a link like the following: "To complete the verification process, copy the following token and paste it into the form you just completed:"
367sj792kl46l78e01330e7kljjowoi72305uwf
Paste in your verification code.
Click on "verify token". Then I like to use the CSV, so I click on the Excel icon to download the CSV.
I have sent out emails to users whose usernames and passwords show up in the spreadsheet.
The great thing is that you can find out if your users have other sites where their work email has been "hacked". I know this is a "free" service, but if you can help them out by paying something, it is a great service we are getting and I would like to keep it...
They have a donation button.
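As an added example (not part of the original post, and not code from the site), here is one way to triage the downloaded CSV before emailing users: group breaches per address and list accounts that appear in the Onliner Spambot dump first, since that dump included SMTP passwords. The column names "Email" and "Breach", the breach name "ExampleForum" and the sample rows are assumptions made for illustration; adjust the column names to the header of your actual export.

```python
import csv
import io
from collections import defaultdict

# Constructed sample standing in for the downloaded export. The column names
# "Email" and "Breach" are assumptions; adjust them to match the real header.
SAMPLE_CSV = """Email,Breach
alice@youremaildomain.org,Onliner Spambot
Alice@youremaildomain.org,ExampleForum
bob@youremaildomain.org,ExampleForum
carol@youremaildomain.org,OnlinerSpambot
,ExampleForum
"""

PRIORITY_BREACH = "onlinerspambot"  # the dump that included SMTP credentials


def normalise(name):
    """Lower-case and strip spaces so 'Onliner Spambot' and 'OnlinerSpambot' match."""
    return "".join(name.lower().split())


def load_breaches(handle, email_col="Email", breach_col="Breach"):
    """Return {address: set of breach names}, merging case variants of an address."""
    per_user = defaultdict(set)
    for row in csv.DictReader(handle):
        email = (row.get(email_col) or "").strip().lower()
        breach = (row.get(breach_col) or "").strip()
        if email and breach:  # skip blank or malformed rows
            per_user[email].add(breach)
    return dict(per_user)


def triage(per_user):
    """Split addresses into (priority, other); priority means in the spambot dump."""
    priority, other = [], []
    for email in sorted(per_user):
        hit = any(normalise(b) == PRIORITY_BREACH for b in per_user[email])
        (priority if hit else other).append(email)
    return priority, other


if __name__ == "__main__":
    users = load_breaches(io.StringIO(SAMPLE_CSV))
    priority, other = triage(users)
    for email in priority:
        print("reset first:", email, sorted(users[email]))
    for email in other:
        print("notify:", email, sorted(users[email]))
```

To run it on the real file, pass open("export.csv", newline="") to load_breaches instead of the sample string (the file name is a placeholder).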