As many as 711.5m email addresses may have been compromised by the largest ever spamming operation discovered by malware researchers, with email addresses, and in some cases associated passwordsd, gathered to help spread banking malware.

The spambot was first flagged by Benkow, a Paris-based security expert, before being brought to wider attention by ZDnet.  In cases where only email addresses have been captured, hackers can only target the owners with additional spam in the hope of tricking them into revealing more information.

However, in some cases, user names, passwords and additional information have also been compromised, meaning that cyber criminals can secretly hijack accounts in order to aid their campaign via a spambot known as Onliner.

Members of the public can check if their accounts have been affected via the Have I Been Pwned service. While the sites operator Troy Hunt has acknowledged that some of the listed addresses correspond to non-existant accounts, the said that the total number is still a “mind-boggling amount”.

The data was reportedly discovered in an open and accessible web server hosted in the Netherlands, where dozens of text files containing huge numbers of email addresses, passwords and email servers were stored.