ADVERTISEMENT

350 million decrypted email addresses left exposed on an unsecured server

Sending encrypted E-Mail protection secure mail internet symbol blue computer keyboard
Edvardas Mikalauskas
Edvardas Mikalauskas Senior Researcher
Aug 12, 2020 Updated: 16 January 2026 4 min read

What data is in the bucket?

  • 21 files in the bucket were CSV files containing email addresses
  • Seven CSV files contained email addresses that were hashed
  • Seven CSV files contained emails that were hashed and salted for an additional layer of encryption using the unreliable MD5 algorithm
  • The remaining seven CSV files were unencrypted, each of which included 50,000,000 strings of unique email addresses of (presumably) US users
censored email list screenshot
forum post
ADVERTISEMENT

Who had access?

What can threat actors do with this data?

  • Spamming 350 million email IDs
  • Carrying out phishing attacks
  • Brute-forcing the passwords of the email accounts

What happened to the data?

What to do if you have been affected?

  1. Use our personal data leak checker to see if your email has been leaked.
  2. If your email happens to be among those leaked, we strongly recommend that you immediately change your email password.
  3. Watch out for potential spam messages and phishing emails. Clicking on suspicious messages or any links therein is a risk that may result in your computer being infected with malware.
  1. Create long, strong, and unique passwords that are difficult to guess, or use a password manager to generate strong passwords for you.
  2. Avoid most common passwords.
  3. Change your passwords approximately every 30 days.
  4. Enable two-factor authentication (2FA) for as many of your online accounts as possible.

Protect yourself online with our hand-picked digital privacy tools

ADVERTISEMENT