ZDNet reports that the data of 600,000 users of the email provider Email.it has been put up for sale on the darknet. Representatives of the provider have already confirmed that the compromise is real.
The breach of Email.it came to light last weekend, when the hackers began advertising on Twitter a darknet site on which they sell data stolen from the company. Interestingly, the group, which calls itself NN (No Name) Hacking Group, claims that the breach itself occurred more than two years ago, in January 2018.
“We hacked the Email.it data center more than two years ago, and implemented it as APT. We removed all possible confidential data from their server, and then decided to give them a chance to fix the holes (in security), requiring a small reward. They refused to communicate with us and continued to deceive their users / customers. They did not contact their users / clients after hacking!” the attackers write.
Another post on the group’s website contains a few more details. According to it, on February 1, 2020, the hackers tried to extort money from Email.it representatives.
A representative of the mail provider has now told ZDNet that the company did refuse to pay the extortionists or negotiate with them, and instead notified law enforcement about what had happened.
The hackers are now trying to monetize the stolen information another way, selling the user data at prices from 0.5 to 3 bitcoins (from $3,500 to $22,000). The group claims to hold 46 databases stolen from Email.it.
The stolen databases contain information about users who had free email accounts. The dump allegedly contains unencrypted passwords, security questions, email content and attachments belonging to more than 600,000 users who registered and used the service between 2007 and 2020. The hackers also allegedly obtained SMS messages sent through the SMS.it Email.it service.
In addition to the contents of the dump, the cybercriminals boast that they were able to steal the source code of all Email.it web applications, including the applications for administrators and clients.
In conversation with reporters, representatives of the provider did not dispute the hackers' statements. The company emphasized only that the hacked server held neither financial information nor data belonging to paying customers. The hole on the previously vulnerable server is reported to be closed now.