- A threat actor is offering two Cock.li databases for sale on the dark web
- The email hosting provider confirms the authenticity of the databases for sale
- Users are urged to change their passwords
A well-known email hosting provider, supposedly popular among hackers and cybercriminals, has been hacked, with sensitive information on more than one million users ending up for sale on the dark web.
The Cock.li administration team confirmed that someone had exploited a vulnerability in its now-retired Roundcube webmail platform, and that everyone who has logged into its systems since 2016 is at risk.
“The hacker reports that they took the ‘users’ and ‘contacts’,” says the announcement. “We could immediately confirm the validity of the escape depending on the column count and the samples provided.”
Webmail users affected
Cock.li is a German free email hosting provider, focused on privacy and advertising itself as an alternative to conventional solutions, which means that it has apparently been used by people who do not trust conventional companies, as well as by cybercriminals.
Recently, it decided to abandon Roundcube completely, after the discovery of a remote code execution (RCE) flaw that is being actively exploited in the wild.
“Cock.li will no longer offer Roundcube Webmail,” administrators said at that time. “Regardless of whether our version was vulnerable to this, we have learned enough about Roundcube to get it out of the service forever.”
Shortly after that happened, the service was interrupted, and then a threat actor began selling two databases supposedly taken from Cock.li, for one bitcoin, claiming that the databases contained users' confidential information.
The email hosting provider then confirmed the claims and urged users to update their passwords.
The tables contained email addresses, the first webmail login time, the last webmail login, login timestamp and count, language and a serialized representation of user preferences, which includes anything users saved in Roundcube (different settings or signatures), for approximately 1,023,800 users.
The attackers also obtained approximately 93,000 contact entries of approximately 10,400 users, including their name, email, vCards and comments. Passwords, emails, IP addresses and the data of anyone who never used webmail were not compromised, administrators confirmed.
Via BleepingComputer