Italian email service provider Email.it has admitted it has suffered a cyber attack that saw the data of over 600,000 users put up for sale on the dark web.
According to the hackers, known as the NN Hacking Group, the attack was carried out in January 2018, when they were able to steal sensitive data from Email.it’s servers and demanded a bounty.
The stolen data included information such as passwords in plain text, security questions, email content and attachments for users who signed up or used the free email service between 2007 to 2020.
Email.it claimed to have informed the authorities about the breach rather than making a payment to the hackers.
But NN recently took to Twitter to promote the listing on a website hosted on the dark web after their attempted to blackmail the company failed. The data is now being sold for as much as 0.5 and 3 bitcoins for each file.
The hackers add that they are also in possession of plain text SMS sent using the service provided by email company. The hackers also claim to have stolen the source codes of Email.it’s web applications.
The company, while accepting the breach, said that the hacked server contained only administrative data like user’s billing address and since financial details were stored on another server, they were not compromised.
The details of Business email service were also not impacted, and Email.it also confirmed that it had patched the servers and informed the local data privacy regulatory authorities about the incident.