Skip to main content

200m email accounts targeted by sextortion email campaigns

(Image credit: Image source: Shutterstock/Nicescene)

More than 200 million email accounts have been compromised and are being targeted by a sextortion campaign (opens in new tab), according to cybersecurity researchers.

Cofense has today published a database containing millions of compromised emails (opens in new tab) in which the victims were being threatened with the exposure of sexually compromising materials.

If the victim doesn’t pay ransom in cryptocurrency, hackers would threaten to share private photos and videos with the victim’s friends and family. How would the victim be sure that the hackers aren’t bluffing? Well, they’d share one of the victim’s passwords in the email.

Cofense says that poor password hygiene, reusing the same password across multiple sites and not changing passwords often enough are some of the reasons how hackers could get their hands on the victim’s credentials. The researchers claim these threats could lead to lost wages and a decrease in productivity.

These emails were being distributed using a botnet for rent (opens in new tab), and according to the researchers, the hackers amassed more than $1.5 million in crypto.

“This botnet is not infecting computers to acquire new data sets – it is a true “spray and pray” attack reusing credentials culled from past data breaches to fuel legitimacy and panic through sextortion scams,” said Aaron Higbee, Cofense Co-Founder and CTO.

“If your email address is found in a target list used by the botnet, it’s highly likely you will receive a sextortion email – if you haven’t already. We felt it was critical to get this information out. We hope that victims receiving a sextortion email will find our resource centre so they can avoid the anxiety and stress of trying to figure out whether to pay a bitcoin ransom.”

Sead Fadilpašić is a freelance tech writer and journalist with more than 17 years experience writing technology-focussed news, blogs, whitepapers, reviews, and ebooks. And his work has featured in online media outlets from all over the world, including Al Jazeera Balkans (where he was a Multimedia Journalist), Crypto News, TechRadar Pro, and IT Pro Portal, where he has written news and features for over five years. Sead's experience also includes writing for inbound marketing, where he creates technology-based content for clients from London to Singapore. Sead is a HubSpot-certified content creator.