Cofense published a database of over 200M compromised email accounts - DC


Aug. 13, 2019 1:07 pm

Cofense published a database of over 200M compromised email accounts

After Cofense Labs discovered a "for rent" botnet last month, the cybersecurity startup released a database of email addresses compromised by sextortion campaigns.
Are your emails protected?

Are your emails protected?

(Photo by Pixabay user rawpixel, used under a Creative Commons license)

Leesburg, Va.–based cybersecurity startup Cofense recently published a database of over 200 million email accounts targeted by a large sextortion scam.

A sextortion email is a tactic that hackers use to scare people into making ransom payments so they won’t leak their sensitive information online. Confense said it found that $1.5 million in ransom payments via Bitcoin were made to hackers this year alone as a result of sextortion campaigns.

The company’s new research and development arm, Cofense Labs, discovered a “for rent” botnet in June that was primarily used to send sextortion emails, a press release states. Since its discovery, Cofense Labs has been monitoring the botnet’s activity.

“This botnet is not infecting computers to acquire new data sets – it is a true “spray and pray” attack reusing credentials culled from past data breaches to fuel legitimacy and panic through sextortion scams,” Aaron Higbee, Cofense cofounder and CTO, said in a statement.

Another way hackers can get access to your information to send sextortion emails is weak or reused passwords. Cofense said that hackers behind this campaign are using recycled email address and passwords, dating back at least 10 years.

“If your email address is found in a target list used by the botnet, it’s highly likely you will receive a sextortion email – if you haven’t already. We felt it was critical to get this information out. We hope that victims receiving a sextortion email will find our resource center so they can avoid the anxiety and stress of trying to figure out whether to pay a bitcoin ransom,” Higbee said in a statement.


Higbee advised that the owners of these compromised email addresses should change the password and the passwords of any account associated with the address. He also said you shouldn’t respond to or pay any ransom if you receive a sextortion email.


Already a contributor? Sign in here
Connect with companies from the community
New call-to-action


Sign-up for daily news updates from Dc

Do NOT follow this link or you will be banned from the site!