ShellCodeX
Tools โ€ข Events โ€ข News โ€ข Insights
ShellCodeX Breach Report

Emotet Data Breach

Significant exposure
Verified breach Sensitive Malware sourced Passwords exposed
Accounts exposed 4,324,770
Breach date 27 Jan 2021
Added to tracker 26 Apr 2021
Data classes 2

What happened

In January 2021, the FBI in partnership with the Dutch NHTCU, German BKA and other international law enforcement agencies brought down the world's most dangerous malware: Emotet. The agencies obtained data collected by the malware and provided impacted email addresses to HIBP so that impacted individuals and domain owners could assess their exposure. Read more about the takedown and recommended actions.

Exposed data

Email addresses Passwords

Recommended actions

  • Change your Emotet password immediately, and update it anywhere you reused the same password.
  • Enable two-factor authentication on the affected account and on your critical services (email, banking).
  • Watch for targeted phishing emails referencing Emotet โ€” attackers weaponise breach data quickly.
  • Check whether your email address appears in this breach on haveibeenpwned.com.
Am I affected? Check whether your email address appears in this breach.
Check on HIBP