Click to Skip Ad
Closing in...

Was your email account harvested by the dangerous Emotet botnet? Here’s how to find out

Published Apr 30th, 2021 1:19PM EDT
Have i been pwned
Image: James Thew/Adobe

If you buy through a BGR link, we may earn an affiliate commission, helping support our expert product labs.

The creator of the Have I Been Pwned data breach alert website is once again urging Internet users to check his site to see if their data has been caught up in yet another high-profile security incident — the incident, this time, being a botnet called Emotet, which the European Union’s law enforcement arm has described as “the world’s most dangerous malware.”

What happened: Emotet has been rampaging all over the Internet since 2014, but it was finally taken down by a joint law enforcement effort earlier this year between the US, Canada, and Europe. The botnet had ended up harvesting a few million email addresses, and the FBI thought the best way to let those people know about the issue was to give the 4.3 million addresses to Have I Been Pwned creator Troy Hunt’s service, which is regarded as a gold-standard resource for checking to see if your data has potentially been compromised or is in danger of being compromised thanks to the litany of leaks, stolen credentials, hacks, data breaches and the like that now occur on a pretty regular basis.

“This strain of malware dates back as far as 2014, and it became a gateway into infected machines for other strains of malware ranging from banking Trojans to credential-stealers to ransomware,” Hunt wrote in a blog post on his site. Emotet was extremely destructive and wreaked havoc across the globe before eventually being brought to a halt in February.”

Hunt says the 4.3 million email addresses that law enforcement agencies provided actually came from two data sets. One included email credentials stored by Emotet for sending spam via victims’ mail providers, while the other included web credentials harvested from browsers that stored them to expedite subsequent logins. The stolen email addresses, he adds, also span a wide range of countries and domains.

In addition to checking Have I Been Pwned to see if your email address is listed among the harvested accounts, Hunt says that these common-sense best practices are some of the steps you should take going forward to keep your data safe.

  • Keep your security software including anything you use for antivirus protection up to date.
  • And change your email password. It’s also a good idea to change your password and any security questions for accounts that are stored in either your inbox or internet browser, especially those passwords tied to high-value services like your bank account. Regularly changing your passwords is always a good idea.

“In addition,” Hunt continues, “all the old security best practices are obviously still important whether you find yourself in this incident or not. Use a password manager and create strong, unique passwords. Turn on 2-factor authentication wherever available. Keep operating systems and software patched.”

Andy Meek Trending News Editor

Andy Meek is a reporter based in Memphis who has covered media, entertainment, and culture for over 20 years. His work has appeared in outlets including The Guardian, Forbes, and The Financial Times, and he’s written for BGR since 2015. Andy's coverage includes technology and entertainment, and he has a particular interest in all things streaming.

Over the years, he’s interviewed legendary figures in entertainment and tech that range from Stan Lee to John McAfee, Peter Thiel, and Reed Hastings.