Italian email service provider Email.it has confirmed that they suffered a cyber-attack that saw the data of over 600,000 users put up for sale on the dark web.
Email.it has admitted the cyber-attack, with the words, “Unfortunately, we must confirm that we have suffered a hacker attack.” The NN Hacking Group has attacked to steal sensitive data from Email.it’s servers and demanded a bounty in January 2018.
Hackers took a list on Twitter
The stolen data included passwords in plain text, security questions, email content, and attachments for users who signed up or used the free email service between 2007 to 2020.
The hacking group wrote on their website:
“We breached Email.it datacenter more than 2 years ago and we plant ourself like an APT. We took any possible sensitive data from their server and after we chosen to give them a chance to patch their holes asking for a little bounty. They refused to talk with us and continued to trick their users/customers. They didn’t contact their users/customers after breaches!”
After this message, Email.it said that they had informed the Italian Postal Police (CNAIPIC) about the breach rather than making a payment to the NN Hacking Group.
The hackers also claim to have stolen the source code of Email.it’s web applications. Email.it refused that the stolen data includes user names and passwords. They claimed that only administrative data like the user’s billing address had been stolen while the financial details were stored on another server. On the other hand, hackers are now selling the company data on Twitter. The data price varies between 0.5 and 3 bitcoins ($3,500 and $22,000).