FBI Gave Emotet's 4.3 Million Email Addresses To Have I Been Pwned

The FBI has handed over 4.3+ million email addresses that were harvested by the Emotet botnet to the Have I Been Pwned (HIBP) data breach service. Anyone can use this service to see if their private information – email addresses, in this case – has been harvested by the botnet.

HIBP was created by Australian security researcher Troy Hunt and has become a trusted breach alert service that provides data to Mozilla Firefox’s own breach alerts.

Emotet is a notorious botnet that Europol called the world’s most dangerous. Since 2014, it has been responsible for distributing ransomware, banking trojans, and other malware in a large number of phishing and spam campaigns.

The FBI collected the email addresses from Emotet’s servers in a seizure of attackers’ computers in January. The Emotet malware botnet was taken down by law enforcement in the US, Canada, and Europe in a smart self-destruction campaign we described earlier. 

In January, law enforcement in the Netherlands and Germany took over the attackers’ key domains and seized their servers. They then pushed an update to about 1.6 million computers infected with Emotet. The update contained a kill switch that uninstalled the malware from all impacted machines on April 25.

Hunt said in a blog post that the FBI handed over to him “email credentials stored by Emotet for sending spam via victims’ mail providers.” In addition, the police gave him “web credentials harvested from browsers that stored them to expedite subsequent logins.” The data have been uploaded into HIBP as a single “breach.” Even though it’s not the typical data breach for which the site collects credentials and email addresses, Hunt accepted the offer to help internet users protect themselves.

If individuals or organizations find their details on HIBP, Hunt suggests they:

  1. Keep their security tools, such as antivirus software, up to date.
  2. Change email passwords and security questions for any accounts they may have stored in either their inbox or browser.
  3. For administrators, read the YARA rules by DFN Cert.

About the author

CIM Team

CyberIntelMag is the trusted authority in cybersecurity, comprised of leading industry experts for over 20 years, dedicated to serving cybersecurity professionals. Our goal is to provide a one-stop shop for knowledge and insight needed to navigate throughout today’s emerging cybersecurity landscape through in-depth coverage of breaking news, tutorials, product reviews, videos and industry influencers.