I guess the security breach at Libero Mail/Italiaonline was more than just stealing password digests

Earlier this month my email provider, Libero Mail (part of Italiaonline), sent out an email to their users advising that the email account DB had been compromised and password digests stolen. They advised that for security reasons users should change their passwords but that only the secure hashed version of passwords had been stolen, which they contend is quite hard to brute-force.

Well, guess what? I have had reports today from people saying that somebody claiming to be “Luigi Di Fraia” is sending out malicious emails to my contacts. Obviously they are not sending emails from my own email account but from ad-hoc/spamming accounts all over the place.
I guess hackers were able to steal personal information (such as name and phone book) during their attack on Libero Mail, and not just the password digest as advised, or even set up a back-door for further illegal activity.

Stay vigilant, people! Double-check the sender if you get unsolicited emails apparently from me: as you know, I am not the kind of person sending out emails along the lines of “check out this fantastic stuff at the following link”…

About Luigi Di Fraia

I am a Senior DevOps Engineer so I get to work with the latest technologies and open-source software. However, in my private time I enjoy retro-computing.