600,000 people affected by email provider breach
Personal user data is now available on the dark web for between $ 3,500 and $ 22,000 worth of bitcoins.
The personal data of over 600,000 Email.it users has been stolen and sold on the dark web. The incident surfaced on Sunday after the perpetrators took to Twitter to publicize the website that sells the data.
“Unfortunately, we have to confirm that we have suffered a hacker attack,” the Italian email provider confirmed in a statement to ZDNet, who broke history.
The hacker collective that claimed responsibility bears the nickname “No Name” or “NN” for short. The group said the breach occurred in January 2018. They then claimed on their website that they contacted Email.it about the flaws in the company’s infrastructure and asked for a “small bounty”, but the Italian email provider refused to communicate. with them.
Another post on their website said they attempted to extort the company on February 1.st of this year. An Email.it spokesperson confirmed this, but the company refused to play ball and contacted authorities instead.
According to the hackers’ claims, they now control 46 databases containing plain text passwords, email content and attachments from users who signed up for a free Email.it account between 2007 and 2020.
RELATED READING: Cybercrime Black Markets: Dark Web Services and Their Prices
The collective also claimed that it was able to access plain text SMS messages sent using the company’s texting service, as well as getting its hands on the source code of all Email.it web applications.
On the bright side, no financial data was stored on the hacked servers, and no corporate accounts were affected by the breach.
From now on, the affected servers need to be corrected and the relevant authorities, including the local data privacy regulator, have been notified.
The incident could echo an unrelated attack to U.S. email provider VFEmail last year, where bad actors went even further and wiped nearly two decades of data off the company’s servers.