Italian email provider Email.it has confirmed it suffered a breach two years ago, resulting in the theft of personal data relating to more than 600,000 of its users, ZDNet reported.
The group behind the attack goes by the name NN Hacking Group, and has even set up a Twitter account to promote the hack and to look for potential buyers for the database.
“We plant ourself (sic) like an APT,” it says, adding that it took “any possible sensitive data from their server”.
The data stolen, according to the group, relates to users that signed up for free Email.it accounts between 2007 and 2020, and includes plaintext passwords, security questions, email content, and email attachments.
Before going public with the information, the group attempted to extort the service provider for money, which it called “asking for a little bounty”, but Email.it refused to pay the ransom.
The database is now being sold online, with prices ranging from 0.5 BTC to 3 BTC. That equates to a price range of $3,700 - $22,000, by current Bitcoin prices.
The Italian police has been notified of the incident.