- A threat actor is offering two cock.li databases for sale on the dark web
- The email hosting provider confirms the authenticity of the database for sale
- Users are urged to change their passwords
A well-known email hosting provider, allegedly popular among hackers and cybercriminals, has been hacked, with sensitive information on more than a million users now for sale on the dark web.
The cock.li administration team confirmed that someone had exploited a vulnerability in its now-retired Roundcube webmail platform, and that everyone who has logged in to its systems since 2016 is at risk.
“The hacker reports that they took the ‘user’ and ‘contacts’ tables,” the announcement said. “We were immediately able to confirm the validity of the leak according to the number of columns and the samples provided.”
Online users affected
Cock.li is a free German email hosting provider that focuses on privacy and advertises itself as an alternative to mainstream solutions, which means it has been used by people who do not trust mainstream businesses, as well as by cybercriminals.
Recently, it decided to abandon Roundcube completely, after discovering a remote code execution (RCE) flaw being actively exploited in the wild.
“Cock.li will no longer offer the Roundcube webmail,” said administrators at the time. “It doesn’t matter that our version is vulnerable to this, we have learned enough about Roundcube to remove it from the service for good.”
Shortly after, the service was disrupted, then a threat actor began to sell two databases allegedly taken from cock.li, for one bitcoin, saying that the databases contained sensitive user information.
The email hosting provider then confirmed the claims and urged users to update their passwords.
The tables contained email addresses, the first web login timestamp, the last web login timestamp, the failed login timestamp and count, the language, and a serialized representation of user preferences, which includes everything users saved in Roundcube itself (various settings or signatures), for around 1,023,800 users.
The attackers also took approximately 93,000 contact entries from around 10,400 users, including name, email, vCard and comments. Passwords, emails and IP addresses were not compromised, nor was anyone who has never used the webmail, the administrators confirmed.
Via BleepingComputer