- A threat actor offers two Cock.li databases for sale on the dark web
- The email hosting provider confirms the authenticity of the databases for sale
- Users are encouraged to change their passwords
A well-known email hosting provider, allegedly popular with hackers and cyber criminals, has been hacked, with sensitive information about more than a million users ending up for sale on the dark web.
The Cock.li administration team confirmed that someone had exploited a vulnerability in its now-retired Roundcube webmail platform, and that anyone who has logged in to its systems since 2016 is at risk.
“Hacker reports that they took ‘users’ and ‘contacts’ tables,” the message reads. “We were immediately able to confirm the validity of the leak based on the pillar and try.”
Webmail users affected
Cock.li is a free German email hosting provider that focuses on privacy and advertises itself as an alternative to mainstream solutions, which means it has apparently been used by people who do not trust mainstream companies, as well as by cyber criminals.
Recently, it decided to abandon Roundcube completely after discovering that a remote code execution (RCE) vulnerability was being actively exploited in the wild.
“Cock.li will no longer offer Roundcube webmail,” the administrators said at the time. “Whether or not our version was vulnerable to this, we’ve learned enough about Roundcube to pull it off the service for good.”
Shortly after this happened, the service was disrupted, and then a threat actor began selling two databases allegedly taken from Cock.li for a bitcoin, claiming the databases contained sensitive user information.
The email hosting provider then confirmed the claims and encouraged users to update their passwords.
The tables contained email addresses, first webmail login timestamp, last webmail login timestamp, failed login timestamp and count, language, and a serialized representation of user preferences that includes everything they saved in Roundcube itself (various settings or signatures), for about 1,023,800 users.
The attackers also scooped up approx. 93,000 contact items from approx. 10,400 users, including their name, email, vCards and comments. Passwords, emails, IP addresses and the data of anyone who never used webmail were not compromised, the administrators confirmed.
Via BleepingComputer



