Lists of email addresses with password and other information used to send phishing emails and spam were hosted on an open server and available to copy or download. More than one-fourth of the email and password combinations were identified from previous data breaches and this collection of 711 million email address account credentials shows the scale of data breaches and consumers who are ripe for account takeover.
Having access to active or legitimate consumer email accounts for sending spam is a major asset in the fraudster world and black market. Email providers and third-party email security vendors constantly update blacklists of bad servers known for sending spam. Using real email accounts circumvents many of these filters.