• Home
  • cyber
  • Cybernews: 'Your data is public': Hacker warns victims after leaking 6.8 billion emails online
cyber Breach

Cybernews: 'Your data is public': Hacker warns victims after leaking 6.8 billion emails online

Feb 1, 2024 2 min read
Cybernews: 'Your data is public': Hacker warns victims after leaking 6.8 billion emails online

Massive Email Leak Exposes 6.8 Billion Addresses, Fueling Phishing and BEC Threats

A hacker operating under the alias Adkka72424 has claimed responsibility for leaking a staggering 6.8 billion unique email addresses, marking one of the largest known email breaches to date. While the full scope of the leak remains unverified, researchers at Cybernews confirmed that roughly 3 billion of the addresses are valid and usable, after filtering out duplicates and invalid entries.

The hacker stated in a forum post that the dataset was compiled over two months, aggregating emails from various sources including combo lists, ULP (user:password) collections, logs, and databases some obtained through illegal means. The archive spans 150GB, making it a potential goldmine for cybercriminals. Though it’s unclear whether the data is being sold or distributed for free, forum users have already expressed interest in using it to cross-reference with other leaks, identifying fresh targets for exploitation.

The breach poses significant risks, particularly for phishing and business email compromise (BEC) attacks. Threat actors often use leaked email data to profile victims, gathering details such as workplace, job titles, and contact information to craft highly targeted social engineering scams. These tailored attacks can lead to credential theft, financial fraud, and unauthorized wire transfers, amplifying the threat landscape for individuals and organizations alike.

The incident underscores the persistent dangers of large-scale data leaks, where even partial validity can provide cybercriminals with a vast pool of potential targets. Further analysis is ongoing to assess the full impact of the breach.

Source: https://www.techradar.com/pro/security/your-data-is-public-hacker-warns-victims-after-leaking-6-8-billion-emails-online

Cybernews TPRM report: https://www.rankiteo.com/company/cybernews

"id": "cyb1770928025",
"linkid": "cybernews",
"type": "Breach",
"date": "2/2024",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': 'Potentially billions of users',
                        'location': 'Global',
                        'type': 'Individuals and Organizations'}],
 'attack_vector': 'Aggregation of leaked data from multiple sources',
 'data_breach': {'data_exfiltration': 'Yes (leaked dataset)',
                 'number_of_records_exposed': '6.8 billion (3 billion '
                                              'confirmed valid)',
                 'personally_identifiable_information': 'Email addresses',
                 'sensitivity_of_data': 'Low to Medium (email addresses only, '
                                        'but can be used for targeted attacks)',
                 'type_of_data_compromised': 'Email addresses'},
 'description': 'A hacker operating under the alias *Adkka72424* has claimed '
                'responsibility for leaking a staggering 6.8 billion unique '
                'email addresses, marking one of the largest known email '
                'breaches to date. Researchers at *Cybernews* confirmed that '
                'roughly 3 billion of the addresses are valid and usable. The '
                'dataset was compiled over two months, aggregating emails from '
                'various sources including combo lists, ULP (user:password) '
                'collections, logs, and databases. The breach poses '
                'significant risks for phishing and business email compromise '
                '(BEC) attacks, enabling highly targeted social engineering '
                'scams.',
 'impact': {'data_compromised': '6.8 billion unique email addresses (3 billion '
                                'confirmed valid)',
            'identity_theft_risk': 'High'},
 'initial_access_broker': {'data_sold_on_dark_web': 'Potential (unconfirmed)',
                           'reconnaissance_period': 'Two months (data '
                                                    'aggregation period)'},
 'investigation_status': 'Ongoing',
 'lessons_learned': 'Large-scale data leaks pose persistent risks for phishing '
                    'and BEC attacks, even if only a portion of the data is '
                    'valid. Organizations and individuals must remain vigilant '
                    'against targeted social engineering scams.',
 'motivation': 'Potential financial gain (sale/distribution of data)',
 'post_incident_analysis': {'root_causes': 'Aggregation of leaked data from '
                                           'multiple sources, including combo '
                                           'lists, ULP collections, logs, and '
                                           'databases.'},
 'recommendations': 'Implement multi-factor authentication (MFA), educate '
                    'users on phishing risks, monitor for unusual activity, '
                    'and use email filtering solutions to detect and block '
                    'malicious emails.',
 'references': [{'source': 'Cybernews'}],
 'response': {'third_party_assistance': 'Cybernews (researchers)'},
 'threat_actor': 'Adkka72424',
 'title': 'Massive Email Leak Exposes 6.8 Billion Addresses, Fueling Phishing '
          'and BEC Threats',
 'type': 'Data Breach'}
Published by
Jeremy C
Jeremy C
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.