Italian Email Provider Announced Hack That Exposed 600k Users

• Email.it admitted that hackers breached one of their servers, stealing sensitive data as a result.
• The hackers claim to have compromised Email.it over two years ago, finding all data in plaintext form.
• They are now selling everything in five neatly bundled packages on a dark web marketplace.

As if the Italians weren’t dealing with big enough problems already, “Email.it” has announced that they were breached by a group of hackers who are using the name “NN Hacking Group.” This breach happened about two years ago, in January 2018, but the email provider has admitted it only now after the data was put up for sale on the dark web. The hackers claimed on Twitter that they gave Email.it the chance to contain the damage if they paid the requested bounty, but the Italians allegedly refused to “collaborate”. The worst part is that they chose not to inform their users of the breach, which was their biggest mishap in this case.

The relevant dark web listing offerings the following items:

• Stuff emails, source code of apps, 46 databases, and 600k credentials – 5TB, 3 BTC ($22,050)
• All sent and received email messages including their attachments – 5TB, 2 BTC ($14,700)
• The source code of all web applications – 2.7GB – 1 BTC ($7,350)
• 44 databases including usernames and passwords, and any SMS and FAXes received or sent – 3GB, 1 BTC ($7,350)
• Usernames and passwords of over 600,000 users in a CSV file – 350MB, 0.5 BTC ($3,675)

The hackers claim that the passwords stored in the exfiltrated Email.it databases were in plaintext form, so they didn’t have to go through the trouble of decrypting them. This is another element that underlines the outrageous negligence of the email service provider, and it applies to everything else that is for sale, including the SMS messages, FAX messages, email attachments, email body content, etc. Email.it responded to the latest news by saying that the attack only concerns a single server containing administrative data, adding that they immediately patched it and notified the local data privacy protection authorities, as they were obliged to do by law.

In addition to disputing the above claims made by the hackers, Email.it told ZDNet that the information belonging to customers who were paying for email services was not stored on the hacked server, so these users are not affected by this incident. We don’t know how much of a consolation this is for the 600,000 users who were affected, especially now that they realized their sensitive data was in the hands of malicious hackers for over two years. We are sure that the trust of these people in the company has been irreversibly shaken, and that they probably won’t choose to upgrade their accounts to paid ones to enjoy better protection in the future.