
  • A threat actor is offering two Cock.li databases for sale on the dark web
  • Email hosting provider confirms authenticity of the database on sale
  • Users are urged to change their passwords

A well-known email hosting provider, allegedly popular among hackers and cybercriminals, has been hacked, with sensitive information on more than a million users ending up for sale on the dark web.

The Cock.li administration team confirmed that an attacker exploited a vulnerability in its now-retired Roundcube webmail platform, and that everyone who has logged in to the webmail since 2016 is affected.

“The hacker reports they took the ‘users’ and ‘contacts’ tables,” the announcement reads. “We were immediately able to confirm the validity of the leak based on the column count and samples provided.”

Webmail users affected

Cock.li is a German free email hosting provider that focuses on privacy and advertises itself as an alternative to mainstream services. That positioning has attracted people who distrust mainstream companies, as well as cybercriminals.

Recently, it decided to abandon Roundcube completely, after discovering a remote code execution (RCE) flaw being actively exploited in the wild.

"Cock.li will no longer be offering Roundcube webmail," the admins said at the time. "Regardless of whether our version was vulnerable to this, we've learned enough about Roundcube to pull it from the service for good."

Soon afterwards the service was disrupted, and a threat actor began selling two databases allegedly taken from Cock.li for one bitcoin, claiming they contained sensitive user information.


The email hosting provider then confirmed the claims, and urged users to update their passwords.

The users table contained, for approximately 1,023,800 users, the email address, first and last webmail login timestamps, the failed-login timestamp and counter, the language setting, and a serialized representation of user preferences, which holds anything the user saved in Roundcube itself (settings or signatures).
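Roundcube stores that preferences column as a PHP serialize() blob, so a user assessing exposure has to decode it to see what was actually leaked. The decoder below is an added example written for this article, not code from Cock.li or the Roundcube project. The sample blob and its keys (language, timezone, read_when_deleted, signature) are constructed for illustration and are not taken from the leak.

```python
"""Minimal decoder for PHP serialize() output, enough to read a
Roundcube-style preferences blob (strings, ints, floats, bools, null,
nested arrays). Works on bytes because PHP string lengths are byte counts.
Added example for this article; not Cock.li or Roundcube code."""
from typing import Any, Tuple

# Constructed sample blob: keys and values are illustrative, not real leaked data.
SAMPLE_PREFS = (
    b'a:4:{s:8:"language";s:5:"en_US";s:8:"timezone";s:13:"Europe/Berlin";'
    b's:17:"read_when_deleted";b:1;s:9:"signature";s:23:"Jane Doe, Acme Security";}'
)


def php_unserialize(data: bytes) -> Any:
    """Decode a complete PHP-serialized value; reject trailing garbage."""
    value, pos = _parse(data, 0)
    if pos != len(data):
        raise ValueError(f"trailing data at offset {pos}")
    return value


def _parse(data: bytes, pos: int) -> Tuple[Any, int]:
    tag = data[pos:pos + 1]
    if tag == b"N":                                  # N;
        return None, pos + 2
    if tag in (b"i", b"b", b"d"):                    # i:42; b:1; d:1.5;
        end = data.index(b";", pos)
        raw = data[pos + 2:end]
        if tag == b"i":
            return int(raw), end + 1
        if tag == b"b":
            return raw == b"1", end + 1
        return float(raw), end + 1
    if tag == b"s":                                  # s:<bytelen>:"<bytes>";
        colon = data.index(b":", pos + 2)
        length = int(data[pos + 2:colon])
        start = colon + 2                            # skip :"
        end = start + length
        if data[end:end + 2] != b'";':
            raise ValueError(f"bad string terminator at offset {end}")
        return data[start:end].decode("utf-8"), end + 2
    if tag == b"a":                                  # a:<count>:{key;value;...}
        colon = data.index(b":", pos + 2)
        count = int(data[pos + 2:colon])
        p = colon + 2                                # skip :{
        result = {}
        for _ in range(count):
            key, p = _parse(data, p)
            val, p = _parse(data, p)
            result[key] = val
        if data[p:p + 1] != b"}":
            raise ValueError(f"bad array terminator at offset {p}")
        return result, p + 1
    raise ValueError(f"unsupported or malformed tag {tag!r} at offset {pos}")


def decode_preferences(blob: bytes) -> dict:
    """Decode a preferences blob and require it to be a PHP array (dict)."""
    prefs = php_unserialize(blob)
    if not isinstance(prefs, dict):
        raise ValueError("preferences blob is not a serialized array")
    return prefs


if __name__ == "__main__":
    for key, value in decode_preferences(SAMPLE_PREFS).items():
        print(f"{key}: {value!r}")
```

Running it on the constructed sample prints each stored preference, including the free-text signature, which is the kind of field that turns an otherwise bland settings dump into personally identifying data.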

The attackers also took approximately 93,000 contact entries belonging to roughly 10,400 users, including names, email addresses, vCards, and comments. Passwords, email contents, IP addresses, and the data of anyone who never used the webmail were not compromised, the admins confirmed.

Via BleepingComputer


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
