'Your data is public': Hacker warns victims after leaking 6.8 billion emails online

News
By published

Someone posted 150GB of emails to the dark web

Close up of a person touching an email icon.
Image Credit: Pixabay (Image credit: Geralt / Pixabay)
  • Hacker Adkka72424 claims leak of 6.8 billion unique email addresses
  • Cybernews verified around 3 billion usable emails, archive size 150GB
  • Massive leak poses phishing and BEC risks through tailored social engineering attacks

A hacker claims to have obtained, and leaked, 6.8 billion unique email addresses - and although the claims are unverified at this time, initial reports indicate at least half of those emails are real.

Researchers at Cybernews recently found a new post on a popular data leak forum created by a hacker with the alias Adkka72424 claiming to have obtained 6.8 billion unique email addresses through different channels - some of which were obtained illegally.

“Two years ago, I obtained more than 3.3 billion unique email addresses. After a long break, I started this again and spent about 2 months extracting emails from various combos, ULP collections, logs, and databases and extracted 6,839,584,670 unique email addresses,” the post reads.

At least half is useful

We don’t know if the database is being offered for free, or being sold, but Cybernews says the archive weighs in at 150GB. Analyzing the sample, they said that after removing unusable emails, duplicates, and invalid addresses, some three billion could be useful.

This would still put it among the biggest email leaks of all time, and a treasure trove for all hackers engaging in phishing and business email compromise.

“Based on comments on the forum thread, most users are excited about using the data to check if other leaks contain fresh new data, by comparing entries to this release,” Cybernews said.

“This allows threat actors to save time by trying to exploit only newly found leaked accounts.”

Many criminals, especially those engaged in social engineering, would profile their victims before attacking. They would look for their workplace, position, working hours, salary, and most importantly - contact information. By combining all these and creating a detailed profile, they are able to create tailored, highly effective phishing emails that can result in credential leaks and fraudulent wire transfers.

Best antivirus software header
The best antivirus for all budgets

➡️ Read our full guide to the best antivirus
1. Best overall:
Bitdefender Total Security
2. Best for families:
Norton 360 with LifeLock
3. Best for mobile:
McAfee Mobile Security

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!

And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.