Efforts to overcome Emotet continue. After dismantling the malware network and warning about the consequences of this malware. Now the FBI is alerting EMOTET victims about violations. Because the agency teamed up with the website Have I Been Pwned or HIBP. In this way, the website verifies whether Emotet has compromised victims’ login credentials.

It should be recalled that Emotet is a malware that operated from 2014 until February this year. Originally discovered as a banking Trojan that later evolved. And its infrastructure functioned as a gateway for other types of malware. This is why authorities consider it one of the most damaging and long-lasting cybercrime services in history. Since many cybercriminals went so far as to buy this unauthorized access for other illicit activities. For example, data theft and extortion through ransomware.

Emotet taken down and victims alerted

Earlier this year, the United States, Canada and a host of law enforcement authorities from European countries took down Emotet. Subsequently, the FBI contacted HIBP, To determine if it was a feasible alternative to alert. Have I Been Pwned is a website where users can check if their personal data has been compromised in data breaches.. Previously, other law enforcement agencies have used its services as an alternative to cyberattacks.

In response, the FBI shared more than 4.3 million email addresses with the site. Emotet collected these accounts in cyberattacks. They belong to users and companies. In total, they actually correspond to two batches. They actually correspond to two batches. The first, of email credentials stored by Emotet to send spam. Specifically through the email providers of the victims. While the second corresponds to web credentials obtained from browsers. Stored to speed up subsequent logins.




In total 4,324,770 email addresses spanning a large number of countries and domains were provided. These addresses came from two separate data sets that were obtained by the agencies during the Emotet takedown process

Troy Hunt, HBIP founder

Both agencies discussed loading the data as two breaches. However, they ultimately decided to load the data as one breach. In light of the fact that the final recommendation is very similar in the two cases. In addition, the results will not be public. Because HBIP rated the incident as sensitive. This is why affected users will request the information through the notification service. Or by performing a domain search. This means that they will not be able to check via the website search bar, as usual.

Leave a Comment

Your email address will not be published. Required fields are marked *