FBI teams up with ‘Have I Been Pwned’ to alert Emotet victims

Protect yourself from online attacks that threaten your identity, your files, your system, and your financial well-being.


The data breach notification site now allows you to check if your login credentials may have been compromised by Emotet

The United States’ Federal Bureau of Investigation (FBI) has shared more than 4.3 million email addresses, harvested by the Emotet botnet, with data breach tracking website Have I Been Pwned (HBIP) in an effort to help alert victims of the notorious botnet.

“In all, 4,324,770 email addresses were provided which span a wide range of countries and domains. The addresses are actually sourced from 2 separate corpuses of data obtained by the agencies during the takedown,” said HBIP founder Troy Hunt in a blog post.

The move comes on the heels of an operation on Sunday where law enforcement agencies pushed out an update to all systems compromised by Emotet in order to cleanse them of the notorious Back in January, authorities from the Netherlands, Germany, the United States, the United Kingdom, France, Lithuania, Canada, and Ukraine joined forces to disrupt the botnet by gaining control of its infrastructure and taking it down from the inside. Some 700 command-and-control servers were taken offline.

In the aftermath of the operation, the Bureau reached out to Hunt to inquire whether there was an efficient way of alerting the victims that their systems and accounts had been compromised by Emotet.

The FBI shared email login information that was stored by Emotet for spamming via victims’ email providers, along with web credentials that were harvested from browsers that were saved to speed up logins with HIBP.

While, usually, these would be treated as two separate breaches, Hunt said that they were uploaded as a single breach since “the remediation is very similar”. However, users who want to check whether they’ve been affected by Emotet won’t be able to do so using the search bar on HIBP’s homepage. This is due to the fact that the incident has been classified as sensitive by Hunt, who explained that he chose this approach so that users impacted by Emotet wouldn’t become targets.

“A sensitive data breach can only be searched…

Source…