A total of 711,000,000 passwords have been posted online in what's described by security experts as one of the largest batches of password data online.

A security researcher in Paris, who operates under the name Benkow, discovered an open web server which has stored the trove of e-mail addresses, passwords and servers, which it uses to send spam.

The spambot then uses this information to send malware that, when opened by users, grabs personal information including passwords, banking details and anything else it can get its hand on.

The entire list of e-mails has been filtered into a search on the breach notification website HaveIBeenPwned.com, and you can check to see if your e-mail is on the list. That website, run by security researcher Troy Hunt, also comes with a handy FAQ and explainer on the subject.

Basically, if you haven't changed your password recently, it's time to do it now and if you're not already using two-step verification - that's where you get a text on your phone with a unique number to type in - start using it now.


Via ZDNet