Data on 600,000 Email.it users for sale on dark web after email provider refuses to pay bounty

Email.it, an Italian email provider, has recently confirmed that it was breached, confirming suspicions raised after an announcement posted by the NN Hacking Group on its Twitter account on April 5.

Data stolen is said to contain private information on 600,000 users, including passwords in clear text, messages and attachments from Inboxes, SMS and fax messages. The hackers also claim to have gained the source codes of all Email.it”s web apps.

Were you a victim of a data breach? Time to find out with Bitdefender”s Digital Identity Protection tool.

To prove their no-good deed, the collective shared a series of screenshots, claiming the breach happened two years ago, in January 2018.

The hacking group also posted a notification on its website, teasing the fact that the Email service provider was contacted and made aware of the vulnerabilities. However, the company refused to pay, and, most importantly, did not inform their customers about the security breach.

“We breached Email.it Datacenter more than 2 years ago and we plant ourself like an APT. We took any possible sensitive data from their server and after we choosen to give them a chance to patch their holes asking for a little bounty. They refused to talk with us and continued to trick their users/customers”, said the NoName Hacking Group on their webpage.

Seems like the NN Hacking Group stay true to their creed “We breach companies, get and sell their data”, posting the link to their Tor page where they are now selling the loot for amounts ranging from $3,500 to $22,000 or 0.5 to 3 BTC (bitcoin).

As a comforting prospect, the breached servers did not contain any business accounts and no financial data was accessed. Email.it said it has patched up weak spots and informed local authorities along with a data privacy regulator.