Popular Italian email service provider Email.it recently admitted that it suffered a major breach in 2018 that involved the theft of personal data of 600,000 users by malicious actors who are reportedly selling the data on the Dark Web after it refused to pay a ransom.
NN Hacking Group, the cyber crime group behind the theft, announced the data breach on Twitter on Sunday and promoted a website on the Dark Web where they were selling data stolen from Email.it servers:
NN Hacking Group claimed that the data breach took place in January 2018 and they contacted Email.it in February to claim a ransom in return for the stolen data but the email service provider refused to pay up.
“We breached Email.it Datacenter more than 2 years ago and we plant ourself like an APT. We took any possible sensitive data from their server and after we choosen to give them a chance to patch their holes asking for a little bounty. They refused to talk with us and continued to trick their users/customers. They didn't contacted their users/customers after breaches!” the hacker group said via a post on its website.
Stolen Email.it data contained detailed activity records of 600,000 users
A spokesperson from Email.it told ZDNet that they refused to pay the ransom and informed the Italian Postal Police (CNAIPIC) about the massive theft of users' personal data. Following the unsuccessful blackmail attempt, the hackers started selling the stolen data on the Dark Web for between 0.5 and 3 bitcoin ($3,500 and $22,000).
According to the hacker group, they are in possession of 46 databases that contain information of users signed up for the free version of Email.it email account. The databases contain passwords, email contents, security questions, email attachments and plaintext SMS messages sent by more than 600,000 users who used the service between 2007 to 2020.
The hacker group also claims to be in possession of source codes of all Email.it's web applications, including admin and customer-facing applications. While it did not confirm if the hacker group's claims are correct, Email.it confirmed that customers' financial information wasn’t stored on the hacked server and that no business accounts were impacted.
Commenting on the cyber attack targeting Email.it, Stuart Sharp, VP of solution engineering at OneLogin, told TEISS that the theft is a significant worry for users of Email.it, and for the company itself whose brand reputation and security posture will suffer as a result of this breach. They may also find themselves in breach of legislation such as GDPR, which could incur fines sizeable enough to have a serious affect on the company’s bottom line
"Applying proactive measures such as two-factor authentication and other access controls as part of an enterprise’s standard privacy requirements can help to stop or mitigate the harm caused by incidents such as this. The data now hosted on dark web forums will move into the cybercriminal supply chain, working as fuel for further breaches, phishing attacks, malware distribution, data harvesting and in the most extreme cases wholesale identity theft.
"Stopping these breaches at the source will work to stop the cycle starting again, but in the meantime, Email.it needs to assist every user affected by the breach, urging them to ensure they update their credentials on any websites where they have used the same password, enable two-factor authentication on as many websites as possible, and consider signing up for a free credit rating monitor service," he added.
Javvad Malik, security awareness advocate at KnowBe4 told TEISS that "any breach of emails can have far-reaching impact. Emails contain a lot of sensitive information alone, and coupled with the fact that the passwords were allegedly stored in cleartext, it could provide a treasure-trove of information for any criminal wanting to target users with spear-phishing attacks.
"Affected users should change their password if they have used the same one across other systems. Additionally, for any services that have been registered using that particular email address, users should consider registering a new email address," he added.