Subj : Top email hosting provider Cock.li hacked - over a million user r
To : All
From : TechnologyDaily
Date : Wed Jun 18 2025 18:15:07

Top email hosting provider Cock.li hacked - over a million user records stolen

Date: Wed, 18 Jun 2025 17:04:00 +0000

Description: A now-retired Roundcube platform was abused to steal information on more than a million users.

FULL STORY
======================================================================

- A threat actor is offering two Cock.li databases for sale on the dark web
- Email hosting provider confirms authenticity of the database on sale
- Users are urged to change their passwords

A well-known email hosting provider, allegedly popular among hackers and cybercriminals, has been hacked, with sensitive information on more than a million users ending up for sale on the dark web.

The administration team for Cock.li confirmed someone had exploited a vulnerability in its now-retired Roundcube webmail platform - and that everyone who has logged in to its systems since 2016 is at risk.

"The hacker reports they took the users and contacts tables," the announcement reads. "We were immediately able to confirm the validity of the leak based on the column count and samples provided."

Webmail users affected

Cock.li is a German free email hosting provider, focusing on privacy and advertising itself as an alternative to mainstream solutions - meaning it has apparently been used by people who don't trust mainstream companies, as well as cybercriminals.

Recently, it decided to abandon Roundcube completely, after discovering a remote code execution (RCE) flaw being actively exploited in the wild.
"Cock.li will no longer be offering Roundcube webmail," the admins said at the time. "Regardless of whether our version was vulnerable to this, we've learned enough about Roundcube to pull it from the service for good."

Soon after that happened, the service was disrupted, and then a threat actor started selling two databases allegedly grabbed from Cock.li, for one bitcoin, claiming the databases contained sensitive user information.

The email hosting provider then confirmed the claims, and urged users to update their passwords.

The tables contained email addresses, first webmail login timestamp, last webmail login timestamp, failed login timestamp and counter, language, and a serialized representation of user preferences, which includes anything they saved into roundcube itself (different settings or signatures), for approximately 1,023,800 users.

The attackers also scooped up approximately 93,000 contact entries from roughly 10,400 users, including their name, email, vcards, and comments.

Passwords, emails, IP addresses, and the data of anyone who never used webmail were not compromised, the admins confirmed.

Via BleepingComputer

======================================================================
Link to news story:
https://www.techradar.com/pro/security/top-email-hosting-provider-cock-li-hacked-over-a-million-user-records-stolen

--- Mystic BBS v1.12 A47 (Linux/64)
 * Origin: tqwNet Technology News (1337:1/100)