Cofense published a database of over 200M compromised email accounts

Leesburg, Va.–based cybersecurity startup Cofense recently published a database of over 200 million email accounts targeted by a large sextortion scam.

Newly launched Cofense Labs is sharing details of a massive sextortion campaign with over 200M recipients in its sights. Learn the campaign's impact and how Cofense is helping potential victims and employers address the threat: https://t.co/L3OWieIgfx pic.twitter.com/KCrd8LNduR

— Cofense (@Cofense) August 5, 2019

A sextortion email is a tactic that hackers use to scare people into making ransom payments so they won’t leak their sensitive information online. Confense said it found that $1.5 million in ransom payments via Bitcoin were made to hackers this year alone as a result of sextortion campaigns.

The company’s new research and development arm, Cofense Labs, discovered a “for rent” botnet in June that was primarily used to send sextortion emails, a press release states. Since its discovery, Cofense Labs has been monitoring the botnet’s activity.

“This botnet is not infecting computers to acquire new data sets – it is a true “spray and pray” attack reusing credentials culled from past data breaches to fuel legitimacy and panic through sextortion scams,” Aaron Higbee, Cofense cofounder and CTO, said in a statement.

Another way hackers can get access to your information to send sextortion emails is weak or reused passwords. Cofense said that hackers behind this campaign are using recycled email address and passwords, dating back at least 10 years.

“If your email address is found in a target list used by the botnet, it’s highly likely you will receive a sextortion email – if you haven’t already. We felt it was critical to get this information out. We hope that victims receiving a sextortion email will find our resource center so they can avoid the anxiety and stress of trying to figure out whether to pay a bitcoin ransom,” Higbee said in a statement.

Higbee advised that the owners of these compromised email addresses should change the password and the passwords of any account associated with the address. He also said you shouldn’t respond to or pay any ransom if you receive a sextortion email.