The hacking team behind it attack, it is called NN (No Name) Hacking Group. She claims that the real invasion took place two years ago, in January 2018. What do hackers say on their website:
“We violated Email.it Datacenter about 2 years ago and we identify ourselves as APT. We got everything sensitive data by server and we chose to give them the opportunity to cover the holes security asking them for a small reward. But they refused to talk to us either they continued to deceive them users / their customers. They did not inform their users / customers about the violation ".
A spokesman for the agency said Monday that the company refused to pay the hackers and alerted police (CNAIPIC).
Since the blackmail did not succeed and the company did not pay, the hackers they decided to do something else. Sell 600.000 user data on the dark web for 0,5 to 3 bitcoin ($ 3,500 and $ 22,000).
Hackers claim to own them 46 databases stolen from Email.it systems.
Databases contain information users who were registered to create one It's free account.
Specifically, they include: passwords, queries security, email content and attachments for more than 600.000 registered and used users from 2007 to 2020.
The hacking team also states that it has SMS messages, which were sent via the SMS service of the email provider.
Finally, the hackers said they stole it source code of all web apps of Email.it.
The email provider did not dispute the hackers' statements. He just clarified that their financial information was not stored users on the infringed server.
The company said it immediately notified the server and notified authorities.
Email.it also stated that Business was not affected accounts, as customer service information was not stored on that server.