Market Overview

GroupSense Uncovers Over 9 Million Potentially Weaponized Email Addresses


GroupSense Uncovers Over 9 Million Potentially Weaponized Email Addresses

Some addresses linked to Russia's Internet Research Agency (IRA) and engaged in attempts to impact policy and social media

PR Newswire

ARLINGTON, Va., Aug. 6, 2018 /PRNewswire/ -- An investigation triggered by researching an email address listed in the initial United States Department of Justice indictments handed down by Special Counsel Robert Mueller uncovered more than 9 million orphaned, stolen, or leaked email accounts potentially under singular control and designed to spread misinformation, according to the "Shark20385" report from GroupSense, a leading provider of cyber intelligence services.

GroupSense researchers launched their investigation after finding the password for one of the email addresses mentioned in the indictment,, in the GroupSense BreachRecon database. Analysis of this account led researchers to believe the password was computer-generated, prompting further investigation. As of today, researchers have identified over 9 million email addresses with similar computer-generated passwords.

Key findings thus far include:

  • Hijacked email accounts have been paired with other stolen credential data to conduct campaigns.
  • The email address linked to Russia's Internet Research Agency (IRA) by the Mueller team was used to operate a Reddit account -- allforusa -- which posted fake news stories from during the 2016 presidential campaign. is now a Russian gambling site.
  • Many of the associated email accounts were also used to post potentially fraudulent comments to the FCC's Net Neutrality filing site.
  • Compromised email accounts promoted biased content in an attempt to influence global issues and are used in site-for-hire activities.
  • Compromised email accounts continue to be used to influence public opinion on important topics.

"…[Our] team is strong on finding the proverbial needle. As a matter of course we often find suspicious data. In this case, we knew it may have not only impacted our customers, but the nation," said Kurtis Minder, CEO of GroupSense.

The GroupSense paper entitled "Shark20385," after one of the implicated password combinations, details the programmatic approach to creating false personas and looks into how the network was utilized to impact policy and social media. The investigation is ongoing and GroupSense researchers anticipate further report releases on this topic.

About GroupSense

GroupSense is a leading provider of cyber intelligence services. GroupSense is not a feed, or a search engine for the dark web. GroupSense are people, empowered by proprietary technology, helping information security and intel teams realize value. We are trusted by governments worldwide to assist in cyber intel program development, election monitoring, and anti-fraud and risk measures. GroupSense tracks known and suspected threat actor and groups, publishing research. Our team reaches out to affected organizations regardless of customer status. Learn more at

Josh Zecher
Vrge Strategies
Phone: (202) 463-0045

Adam Benson
Vrge Strategies
Phone: (202) 999-9104


Cision View original content:

SOURCE GroupSense

View Comments and Join the Discussion!