Startups
Cybersecurity

Cofense published a database of over 200M compromised email accounts

After Cofense Labs discovered a "for rent" botnet last month, the cybersecurity startup released a database of email addresses compromised by sextortion campaigns.

Loops seeks a better solution to email issues that its founder said the publicly traded email giants haven't solved. (Photo by Pixabay user rawpixel, used under a Creative Commons license)

Leesburg, Va.–based cybersecurity startup Cofense recently published a database of over 200 million email accounts targeted by a large sextortion scam.

A sextortion email is a tactic that hackers use to scare people into making ransom payments so they won’t leak their sensitive information online. Confense said it found that $1.5 million in ransom payments via Bitcoin were made to hackers this year alone as a result of sextortion campaigns.

The company’s new research and development arm, Cofense Labs, discovered a “for rent” botnet in June that was primarily used to send sextortion emails, a press release states. Since its discovery, Cofense Labs has been monitoring the botnet’s activity.

“This botnet is not infecting computers to acquire new data sets – it is a true “spray and pray” attack reusing credentials culled from past data breaches to fuel legitimacy and panic through sextortion scams,” Aaron Higbee, Cofense cofounder and CTO, said in a statement.

Another way hackers can get access to your information to send sextortion emails is weak or reused passwords. Cofense said that hackers behind this campaign are using recycled email address and passwords, dating back at least 10 years.

“If your email address is found in a target list used by the botnet, it’s highly likely you will receive a sextortion email – if you haven’t already. We felt it was critical to get this information out. We hope that victims receiving a sextortion email will find our resource center so they can avoid the anxiety and stress of trying to figure out whether to pay a bitcoin ransom,” Higbee said in a statement.

Higbee advised that the owners of these compromised email addresses should change the password and the passwords of any account associated with the address. He also said you shouldn’t respond to or pay any ransom if you receive a sextortion email.

Engagement

Join the conversation!

Find news, events, jobs and people who share your interests on Technical.ly's open community Slack

Trending

How venture capital is changing, and why it matters

Why the DOJ chose New Jersey for the Apple antitrust lawsuit

DC daily roundup: Meta's anti-trans hate problem; Key Bridge collapse's supply chain impact; OpGen has a new CEO

DC daily roundup: Dcode Capital's $19M; tech for sports events; the Key Bridge disaster

Technically Media