1 min read

FBI Offers Millions of Emotet Compromised Credentials to Have I Been Pwned

Silviu STAHIE

April 28, 2021

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
FBI Offers Millions of Emotet Compromised Credentials to Have I Been Pwned

The FBI has offered millions of passwords obtained from seized Emotet malware domains to HIBP (Have I Been Pwned) to make it easier to alert impacted users and companies.

Law enforcement took down most of the Emotet infrastructure in one of the most significant collaborative efforts, gathering authorities from Netherlands, Germany, the United States, the United Kingdom, France, Lithuania, Canada and Ukraine, with international activity coordinated by Europol and Eurojust.

Attackers used hundreds of servers across the world as command and control centers, but the efforts of the authorities and a new approach allowed them to dismantle the entire system from inside. During this process, law enforcement identified 4,324,770 compromised email addresses, which they now offer to the HIBP service.

“Following the takedown, the FBI reached out and asked if Have I Been Pwned (HIBP) might be a viable means of alerting impacted individuals and companies that their accounts had been affected by Emotet,” said security researcher Troy Hunt, who’s running HIBP. “This isn’t the first time HIBP has been used by law enforcement in the wake of criminal activity with the Estonian Central Police using it for similar purposes a few years earlier.”

There are actually two different sets of email addresses: one used by Emoted to send spam and another of emails harvested from browsers. As usual, the security measures and possible mitigations remain the same for data breaches.

If people or companies discover that their emails have been compromised, they should change the credentials as soon as possible, along with security questions. This also applies to credentials of online services stored in compromised systems. Of course, having an up-to-date and powerful security solution running on all devices is paramount.

tags


Author



Right now

Top posts

How to monitor your online privacy during your Thanksgiving trip

How to monitor your online privacy during your Thanksgiving trip

November 22, 2022

3 min read
Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info

Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info

November 16, 2022

6 min read
Bitdefender VPN in 2022: the new, the improved, and the soon-to-be

Bitdefender VPN in 2022: the new, the improved, and the soon-to-be

November 14, 2022

5 min read
August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August 31, 2022

4 min read
Snake Keylogger Returns in Malspam Campaign Disguised as Business Portfolio from IT Vendor

Snake Keylogger Returns in Malspam Campaign Disguised as Business Portfolio from IT Vendor

August 30, 2022

2 min read
What is medical identity theft and how to protect against it

What is medical identity theft and how to protect against it

July 27, 2022

2 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Your phone number got leaked? Here’s what cybercriminals can do with it and how you can stop them Your phone number got leaked? Here’s what cybercriminals can do with it and how you can stop them
Alina BÎZGĂ

December 05, 2022

3 min read
Threat actor publicly shares stolen data of 5.4 million Twitter users Threat actor publicly shares stolen data of 5.4 million Twitter users
Alina BÎZGĂ

November 28, 2022

3 min read
500 million WhatsApp mobile phone numbers are up for grabs on the dark web 500 million WhatsApp mobile phone numbers are up for grabs on the dark web
Alina BÎZGĂ

November 25, 2022

2 min read