FBI teams up with ‘Have I Been Pwned’ to alert Emotet victims


The data breach notification site now allows you to check if your login credentials may have been compromised by Emotet

The United States’ Federal Bureau of Investigation (FBI) has shared more than 4.3 million email addresses, harvested by the Emotet botnet, with data breach tracking website Have I Been Pwned (HIBP) in an effort to help alert victims of the notorious botnet.

“In all, 4,324,770 email addresses were provided which span a wide range of countries and domains. The addresses are actually sourced from 2 separate corpuses of data obtained by the agencies during the takedown,” said HIBP founder Troy Hunt in a blog post.

The move comes on the heels of an operation on Sunday where law enforcement agencies pushed out an update to all systems compromised by Emotet in order to cleanse them of the notorious Back in January, authorities from the Netherlands, Germany, the United States, the United Kingdom, France, Lithuania, Canada, and Ukraine joined forces to disrupt the botnet by gaining control of its infrastructure and taking it down from the inside. Some 700 command-and-control servers were taken offline.

In the aftermath of the operation, the Bureau reached out to Hunt to inquire whether there was an efficient way of alerting the victims that their systems and accounts had been compromised by Emotet.

The FBI shared two sets of data with HIBP: email login information that Emotet stored in order to send spam via victims’ email providers, and web credentials harvested from browsers, where they had been saved to speed up logins.

While, usually, these would be treated as two separate breaches, Hunt said that they were uploaded as a single breach since “the remediation is very similar”. However, users who want to check whether they’ve been affected by Emotet won’t be able to do so using the search bar on HIBP’s homepage. This is due to the fact that the incident has been classified as sensitive by Hunt, who explained that he chose this approach so that users impacted by Emotet wouldn’t become targets.

“A sensitive data breach can only be searched by the verified owner of the email address being searched for. This is done via the notification system which involves sending a verification email to the address with a unique link. When that link is followed, the owner of the address will see all data breaches and pastes they appear in, including the sensitive ones,” states the site’s FAQ section.

If the search reveals that you’ve been affected by the infamous botnet, Hunt suggests several easy steps you can follow to mitigate the impact:

  • Change your email password and the passwords of any high-value services that you have connected to that account.
  • Keep your security solution and devices patched and up-to-date.
  • Administrators that are in charge of systems with multiple users should use the YARA rules released by DFN-CERT.
