The group shared a series of snapshots on the dump on
If confirmed, the situation is very serious because the email provider has never disclosed a data breach, even though it was obliged to do so by the European privacy legislation GDPR. I have an active account with
The dump available for sale in the dark web includes 44 databases containing
According to the company, no financial information was stolen by the hackers.
On Sunday, the NN Hacking Group announced the hack and shared a link to a Tor service where they were selling the stolen data.
“We breached Email.it Datacenter more than 2 years ago and we plant ourself like an APT. We took any possible sensitive data from their server and after we choosen to give them a chance to patch their holes asking for a little bounty. They refused to talk with us and continued to trick their users/customers. They didn’t contacted their users/customers after breaches!” reads the message published by the group on its website.
It seems that the hackers attempted to blackmail the Italian provider threatening to release the stolen data, but the company refused to pay and reported the incident to the Italian Postal Police.
The group of hackers then decided to sell the Email.it data online at a price that varies between 0.5 bitcoin for the list of credentials and 3 bitcoin for the entire dump containing the messages and the SMS/FAX (between $3,500 and $22,000).
The hackers also claim to have stolen the source code of all Email.it’s web apps.
At the time of writing, the company confirmed that it had secured its server and reported the incident to the local authorities, including the privacy watchdog.
Updated 07 April, 2020
I contacted the group of hackers to have more info on the hack:
Q: Did you hack the provider?
A: Yes, we breached http://Email.it datacenter
Q: Could you give me more details about the hack? Which kind of issues did you exploit?
A: Many ones. We chained multiple issues, including SQL Injection, code execution, privilege escalation and so on.
Q: Why did you hack Email.it?
Q: Did you try to contact the company?
A: Yes, many times from beginning 2020 but they refused to reply us.
Q: When was the server hacked? Is the data up to date?
A: Yes, data up to date. DB is from 2020