<div id="post_message_797833">
Email hosting provider Cock.li has confirmed it suffered a data breach after threat actors exploited flaws in its now-retired Roundcube webmail platform to steal over a million user records.<br/> <br/> The incident exposed all users who had logged in to the mail service since 2016, estimated at 1,023,800 people, along with contact entries for an additional 93,000 users.<br/> <br/> Cock.li is a Germany-based free email hosting provider with a privacy-focused ethos and lax moderation policies, run by a single operator known as 'Vincent Canfield' since 2013.<br/> <br/> It is promoted as an alternative to mainstream email providers, supporting standard security protocols like SMTP, IMAP, and TLS.<br/> <br/> Cock.li is used by people who distrust major providers and by members of the infosec and open-source communities. It is also popular among cybercriminals, such as affiliates from Dharma, Phobos, and other ransomware gangs.<br/> <br/> Late last week, the Cock.li service was disrupted without public explanation, leaving users wondering what might have happened.<br/> <br/> Soon after, a threat actor <a href="http://x.com/ReyXBF/status/1933555211185819835" target="_blank">claimed to be selling</a> two databases dumped from Cock.li that contained sensitive user information, offering them for a minimum of one Bitcoin ($92.5k).<br/> <br/> <img alt="" border="0" class="bbCodeImage" src="https://dl4.joxi.net/drive/2025/06/17/0048/3474/3202450/50/8ae1531a63.jpg"/><br/> <div style="margin:20px; margin-top:5px; "> <!-- <div class="smallfont" style="margin-bottom:2px">Quote:</div> --> <table border="0" cellpadding="6" cellspacing="0" width="100%"> <tr> <td class="alt2" style="background: rgb(37, 37, 37) none repeat scroll 0% 0%; border: 1px solid rgb(0, 0, 0); border-radius: 5px; font-size: 11px; text-shadow: none;"> Threat actor attempting to sell Cock.li database </td> </tr> </table> </div>Cock.li <a href="https://mail.cock.li/" target="_blank">published a 
statement</a> on its website yesterday, confirming the breach and the validity of the threat actor's claims.<br/> <br/> The email service confirmed that the following information has been exposed for 1,023,800 user accounts:<ul><li>Email address</li> <li>First and last login timestamps</li> <li>Failed login attempts and count</li> <li>Language</li> <li>A serialized blob of Roundcube settings and email signature</li> <li>Contact names (only for a subset of 10,400 accounts)</li> <li>Contact email addresses (only for a subset of 10,400 accounts)</li> <li>vCards (only for a subset of 10,400 accounts)</li> <li>Comments (only for a subset of 10,400 accounts)</li> </ul>The service's announcement clarifies that user account passwords, email content, and IP addresses were not compromised, as these are not present in the stolen databases.<br/> <br/> Meanwhile, the 10,400 account holders who had third-party contact information exposed will be getting a separate notification.<br/> <br/> Everyone who has used the service since 2016 is advised to reset their account password.<br/> <br/> The Cock.li data breach could be valuable to researchers and law enforcement, as the exposed information can be used to learn more about the threat actors who use the platform.<br/> <br/> <b><font size="5">Cock.li removes Roundcube</font></b><br/> <br/> Cock.li says they believe the data was stolen using an old Roundcube SQL injection vulnerability tracked as CVE-2021-44026.<br/> <br/> This breach comes just as Cock.li recently analyzed an RCE flaw in Roundcube, CVE-2025-49113, which is <a href="https://www.bleepingcomputer.com/news/security/hacker-selling-critical-roundcube-webmail-exploit-as-tech-info-disclosed/" target="_blank">believed to be actively exploited in attacks</a>. 
Their analysis led them to remove the software from their platform in June 2025.<br/> <br/> "Cock.li will no longer be offering Roundcube webmail," explained the service admins.<br/> <br/> "Regardless of whether our version was vulnerable to this, we've learned enough about Roundcube to pull it from the service for good."<br/> <br/> "Another webmail is definitely on the table, but it is not an immediate priority for us."<br/> <br/> The announcement mentions that better security practices could have prevented this user data leak, admitting that "Cock.li should not have been running Roundcube in the first place."<br/> <br/> Those who want to continue using Cock.li for email will now have to use an IMAP or SMTP/POP3 client.<br/> <br/> <a href="https://www.bleepingcomputer.com/news/security/hacker-steals-1-million-cockli-user-records-in-webmail-data-breach/" target="_blank">@ BleepingComputer </a> </div>