Cofense published a database of over 200M compromised email accounts - DC


Aug. 13, 2019 1:07 pm

Cofense published a database of over 200M compromised email accounts

After Cofense Labs discovered a "for rent" botnet last month, the cybersecurity startup released a database of email addresses compromised by sextortion campaigns.
Are your emails protected?

Are your emails protected?

(Photo by Pixabay user rawpixel, used under a Creative Commons license)

Leesburg, Va.–based cybersecurity startup Cofense recently published a database of over 200 million email accounts targeted by a large sextortion scam.

A sextortion email is a tactic that hackers use to scare people into making ransom payments so they won’t leak their sensitive information online. Confense said it found that $1.5 million in ransom payments via Bitcoin were made to hackers this year alone as a result of sextortion campaigns.

The company’s new research and development arm, Cofense Labs, discovered a “for rent” botnet in June that was primarily used to send sextortion emails, a press release states. Since its discovery, Cofense Labs has been monitoring the botnet’s activity.

“This botnet is not infecting computers to acquire new data sets – it is a true “spray and pray” attack reusing credentials culled from past data breaches to fuel legitimacy and panic through sextortion scams,” Aaron Higbee, Cofense cofounder and CTO, said in a statement.

Another way hackers can get access to your information to send sextortion emails is weak or reused passwords. Cofense said that hackers behind this campaign are using recycled email address and passwords, dating back at least 10 years.

“If your email address is found in a target list used by the botnet, it’s highly likely you will receive a sextortion email – if you haven’t already. We felt it was critical to get this information out. We hope that victims receiving a sextortion email will find our resource center so they can avoid the anxiety and stress of trying to figure out whether to pay a bitcoin ransom,” Higbee said in a statement.


Higbee advised that the owners of these compromised email addresses should change the password and the passwords of any account associated with the address. He also said you shouldn’t respond to or pay any ransom if you receive a sextortion email.


Already a contributor? Sign in here
Connect with companies from the community
New call-to-action


Avoid this security threat to keep your inbox from becoming a horror story

HyperQube launches ‘cyber range as a service’

Cofense launched a new product to combat phishing attacks



Verizon is looking for the brightest ideas on how to use its 5G technology

Washington, DC


Account Executive

Apply Now

Philadelphia, PA - Center City


Business Architect

Apply Now



Experienced Software Engineer – Backend

Apply Now

This email protection startup just released its flagship anti-phishing solution

Romanian hackers arrested for shutting down 65 percent of DC surveillance cameras before Trump inauguration

After two and a half years of R&D, Verodin emerges from stealth mode

Sign-up for daily news updates from Dc

Do NOT follow this link or you will be banned from the site!