[BreachExchange] Email provider got hacked, data of 600, 000 users now sold on the dark web

Destry Winant destry at riskbasedsecurity.com
Wed Apr 8 10:31:39 EDT 2020


The data of more than 600,000 Email.it users is currently being sold
on the dark web, ZDNet has learned following a tip from one of our

"Unfortunately, we must confirm that we have suffered a hacker
attack," the Italian email service provider said in a statement to
ZDNet on Monday.


The Email.it hack came to light on Sunday, when the hackers went on
Twitter to promote a website on the dark web where they were selling
the company's data.

The hackers -- going by the name of NN (No Name) Hacking Group --
claim the actual intrusion took place more than two years ago, in
January 2018. We cite from their website:

We breached Email.it Datacenter more than 2 years ago and we plant
ourself like an APT. We took any possible sensitive data from their
server and after we choosen to give them a chance to patch their holes
asking for a little bounty. They refused to talk with us and continued
to trick their users/customers. They didn't contacted their
users/customers after breaches!

According to another message on their site, the hackers tried to
extort Email.it on February 1, when they asked for "a little bounty."

An Email.it spokesperson told ZDNet on Monday that the company
declined to pay and instead notified the Italian Postal Police

IT security and privacy: Concerns, initiatives, and predictions
(TechRepublic Premium)

Following the failed extortion attempt, the hackers are now selling
the company's data for an asking price that varies between 0.5 and 3
bitcoin ($3,500 and $22,000).

The hackers claim to be in possession of 46 databases they stole from
Email.it's systems.

Per NN, the databases contain information on users who signed up for a
free Email.it email account.

The hackers claim the databases contain plaintext passwords, security
questions, email content, and email attachments for more than 600,000
users who signed up and used the service between 2007 to 2020.

The hackers also claim to be in possession of plaintext SMS messages
sent through Email.it's SMS-sending service.

Furthermore, the hackers also said they exfiltrated the source code of
all Email.it's web apps, including admin and customer-facing

Email.it did not contest any of the claims on the hacker's website.
The only clarification the company made was to point out that no
financial information was stored on the hacked server.

"The attack only concerned a server with administrative data (billing
addresses and data for service communications)," Email.it told ZDNet
[translated message].

The company said it immediately patched the server and notified
authorities, including the country's local data privacy regulator.

Email.it also told ZDNet that no Business accounts were impacted, as
information about paid customers was not stored on the hacked server.

More information about the BreachExchange mailing list