Skip to main content

Millions of accounts hit in huge sextortion email campaign

email security
(Image credit: Shutterstock.com / Nicescene)

A malicious email campaign looking to blackmail victims has affected millions of innocent users around the world, a new report has found.

Researchers from Cofense Labs have published a database of over 200 million compromised accounts hit by a wide-ranging campaign that is looking to spread malware and rake in ransoms from innoncent victims.

The campaign used a “for rent” botnet was used primarily to send sextortion emails, which look to extort money from the victims by threatening to release sexually-explicit content reportedly accessed on their device.

'Spray and pray'

Cofense Labs analysed over seven million email addresses impacted by sextortion in the first half of 2019 alone, finding that more than $1.5M in payments had been made to bitcoin wallets associated with sextortion campaigns this year. Many of these accounts were included in recent data breaches, but some were as much as ten years old.

The company says that poor password hygiene, including infrequent changes and reuse across multiple sites, is worsening the issue. Cofense is advising that anyone with emails included in the database should immediately change the passwords for any accounts linked to that address - and if a sextortion email is received, to not respond to the email or pay the ransom.

“This botnet is not infecting computers to acquire new data sets – it is a true “spray and pray” attack reusing credentials culled from past data breaches to fuel legitimacy and panic through sextortion scams,” said Aaron Higbee, Cofense Co-Founder and CTO. 

“If your email address is found in a target list used by the botnet, it’s highly likely you will receive a sextortion email – if you haven’t already. We felt it was critical to get this information out. We hope that victims receiving a sextortion email will find our resource center so they can avoid the anxiety and stress of trying to figure out whether to pay a bitcoin ransom.”