Email provider hacked, data of 600,000 users now sold on the dark web
The data of more than 600,000 Email.it users is currently being sold on the dark web, ZDNet has learned after following a tip from one of our readers.
“Unfortunately, we have to confirm that we have suffered a hacker attack,” the Italian email service provider said on Monday in a statement to ZDNet.
Failed extortion attempt
The Email.it hack was revealed on Sunday when the hackers took to Twitter to promote a dark web website where they were selling company data.
The hackers, known as the NN (No Name) Hacking Group, claim that the actual intrusion took place over two years ago, in January 2018. Their website states:
We breached Email.it data center over 2 years ago and we are setting up as an APT. We took all the sensitive data possible from their server and after that we chose to give them a chance to fill their holes by asking for a small bonus. They refused to talk to us and continued to cheat on their users / customers. They did not contact their users / customers after violations!
According to another post on their site, the hackers attempted to extort Email.it on February 1, when they demanded “a small bounty”.
A spokesperson for Email.it told ZDNet on Monday that the company refused to pay and instead informed the Italian Postal Police (CNAIPIC).
Following the failed extortion attempt, the hackers are now selling company data for an asking price ranging from 0.5 to 3 bitcoin ($3,500 to $22,000).
The hackers claim to be in possession of 46 databases that they stole from Email.it systems.
According to NN, the databases contain information about users who have registered for a free Email.it email account.
Hackers claim the databases contain plain text passwords, security questions, email content and attachments for more than 600,000 users who signed up and used the service between 2007 and 2020.
Hackers also claim to be in possession of plain text SMS messages sent through Email.it’s SMS sending service.
In addition, the hackers claimed to have exfiltrated the source code of all Email.it web applications, including administration and customer applications.
Email.it did not dispute any of the claims on the hackers' website. The only clarification provided by the company was to point out that no financial information was stored on the hacked server.
“The attack only affected a server containing administrative data (billing addresses and data for service communications),” Email.it told ZDNet [translated message].
The company said it immediately fixed the server and notified authorities, including the country’s local data privacy regulator.
Email.it also told ZDNet that no business accounts were affected because the information about paying customers was not stored on the hacked server.