Email hosting provider Cock.li confirmed a data breach in which threat actors exploited vulnerabilities in its Roundcube webmail platform and stole over a million user records. The incident exposed all users who had logged in since 2016, estimated at 1,023,800 people, along with contact entries for an additional 93,000 users. Sensitive information such as email addresses, login timestamps, and contact details was compromised. The breach highlights the importance of better security practices and the removal of vulnerable software.
TPRM report: https://scoringcyber.rankiteo.com/company/techlabcorp
"id": "tec602061725",
"linkid": "techlabcorp",
"type": "Breach",
"date": "6/2025",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"
{'affected_entities': [{'customers_affected': 1023800,
'industry': 'Technology',
'location': 'Germany',
'name': 'Cock.li',
'type': 'Email Hosting Provider'}],
'attack_vector': 'SQL Injection',
'customer_advisories': 'Recommended password reset for all users',
'data_breach': {'data_exfiltration': True,
'number_of_records_exposed': 1023800,
'personally_identifiable_information': True,
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Email address',
'First and last login timestamps',
'Failed login attempts and count',
'Language',
'A serialized blob of Roundcube '
'settings and email signature',
'Contact names (for a subset of '
'10,400 accounts)',
'Contact email addresses (for a '
'subset of 10,400 accounts)',
'vCards (for a subset of 10,400 '
'accounts)',
'Comments (for a subset of '
'10,400 accounts)']},
'description': 'Email hosting provider Cock.li suffered a data breach after '
'threat actors exploited flaws in its Roundcube webmail '
'platform to steal over a million user records.',
'impact': {'data_compromised': ['Email address',
'First and last login timestamps',
'Failed login attempts and count',
'Language',
'A serialized blob of Roundcube settings and '
'email signature',
'Contact names (for a subset of 10,400 '
'accounts)',
'Contact email addresses (for a subset of '
'10,400 accounts)',
'vCards (for a subset of 10,400 accounts)',
'Comments (for a subset of 10,400 accounts)'],
'downtime': 'Service disrupted late last week',
'systems_affected': 'Roundcube webmail platform'},
'initial_access_broker': {'data_sold_on_dark_web': True,
'entry_point': 'Roundcube webmail platform'},
'lessons_learned': 'Better security practices could have prevented this user '
'data leak',
'motivation': 'Financial Gain',
'post_incident_analysis': {'corrective_actions': 'Removed Roundcube webmail '
'platform',
'root_causes': 'SQL injection vulnerability in '
'Roundcube webmail platform'},
'recommendations': 'Recommended password reset for all users',
'references': [{'source': 'BleepingComputer'}],
'response': {'communication_strategy': 'Published a statement on its website',
'containment_measures': 'Removed Roundcube webmail platform',
'remediation_measures': 'Recommended password reset for all '
'users'},
'title': 'Cock.li Data Breach',
'type': 'Data Breach',
'vulnerability_exploited': 'CVE-2021-44026'}