Data Breach

Updated: Italian email provider Email.it hacked, data of 600k users available for sale

A database stolen from the Italian email provider Email.it containing more than 600,000 users is available for sale on the dark web.

The Italian email provider Email.it has been hacked. The company admitted the incident, while a hacker group named NN Hacking Group is offering the stolen data for sale on the dark web.

The group shared a series of snapshots of the dump on Twitter, claiming that the hack dates back to January 2018. The hacker group also claimed that since then the email provider has still been storing users’ passwords in plain text.

If confirmed, the situation is very serious because the email provider has never disclosed a data breach even though it was obliged to do so by the European privacy legislation GDPR. I have an active account with Email.it and I still haven’t received any data breach notice from the provider.

The dump available for sale on the dark web includes 44 databases containing usernames and plain text passwords, security questions, email messages and related attachments for all 600K email accounts, and SMS and fax messages in clear text sent and received by the users. The databases contain data on users who signed up for a free Email.it email account; so-called professional accounts were not impacted.

According to the company, no financial information was stolen by the hackers.

On Sunday the NN Hacking Group announced the hack and shared the link to a Tor service where they were selling the stolen data.

“We breached Email.it Datacenter more than 2 years ago and we planted ourselves like an APT. We took any possible sensitive data from their server and afterwards we chose to give them a chance to patch their holes, asking for a little bounty. They refused to talk with us and continued to trick their users/customers. They didn’t contact their users/customers after breaches!” reads the message published by the group on its website.

It seems that the hackers attempted to blackmail the Italian provider, threatening to release the stolen data, but the company refused to pay and reported the incident to the Italian Postal Police.

The group of hackers then decided to attempt to sell the Email.it data online for a price ranging from 0.5 bitcoin for the list of credentials up to 3 bitcoin for the entire dump containing the messages and the SMS/fax (between $3,500 and $22,000).

The hackers also claim to have stolen the source code of all Email.it’s web apps.

At the time of writing, the company has confirmed that it has secured its server and reported the incident to the local authorities, including the privacy watchdog.

Updated 07 April, 2020

I contacted the group of hackers to have more info on the hack:

Q: Did you hack the provider?

A: Yes, we breached http://Email.it datacenter

Q: Could you give me more details about the hack? Which kind of issues did you exploit?

A: Many ones. We chained multiple issues, including SQL Injection, code execution, privilege escalation and so on.

Q: Why did you hack Email.it?

A: We targeted and breached other providers of course. Email.it was the worst in terms of security so we chose to publish that. Email.it refused to reply to us even though we proposed to help them fix the vulns after a “bounty” payment.

Q: Did you try to contact the company?

A: Yes, many times from the beginning of 2020, but they refused to reply to us.

Q: When was the server hacked? Is the data up to date?

A: Yes, data up to date. DB is from 2020


Pierluigi Paganini

(SecurityAffairs – Email.it, data breach)
