Email Hack Allegedly Exposed Plaintext Passwords And Messages Of Over Half A Million Users
These are tough times for sure, and to make matters worse, a hacking group managed to infiltrate an email service in Italy and swipe the personal data of more than 600,000 users. The data, which is said to include plaintext passwords and contents of email messages, is for sale on the dark web for between 0.5 and 3 Bitcoin (around $3,500 to $22,000).
The culprits go by the name of NN (No Name) Hacking Group. They swiped the data from Email.it, then promoted it on Twitter. The group claims it breached the email service's data center two years ago, in January 2018, and asked for a bug bounty.
"They refused to talk with us and continued to trick their users/customers. They didn't contacted (sic) their users/customers after breaches!," the hacking group stated.
A spokesperson for Email.it told ZDNet that it did in fact opt not to pay the hackers, and instead contacted the Italian Postal Police (CNAIPIC). Email. It also confirmed that it was indeed hacked, though has not provided details on the fallout.
"Unfortunately, we must confirm that we have suffered a hacker attack," Email.It said in a statement.
The hackers say they swiped 46 databases from Email.it's servers. They claim the data includes plaintext passwords, security questions, email attachments, and even plaintext SMS messages (sent through Email.it's SMS sending service) of over half a million users who signed up and used the service between 2007 and 2020.
According to Email.it, the breach only occurred on a server with administrative data, and that the server has been patched.