Home » Business » Tiscali: attack on user databases claimed, but the company denies it

Tiscali: attack on user databases claimed, but the company denies it

Yesterday an alleged attack on the systems was claimed they manage the Tiscali user databases, through the sale on RaidForums of those that are presented as exfiltrated dumps from these servers, containing login data of the widespread national mailboxes.

Resale of Tiscali data, what is known and what is doubted

The dubitative form is necessary because no proof of the veracity of the dumps is provided; the company has denied a data breach against users – but reports that it has filed a report to the competent authorities because of this claim. For now, the e-mails from the dump only seem to be attributable to personal addresses of employees.

February 9, 2022 – 12:00

Cybersecurity: can you protect the new digital ecosystems? Let’s talk about it with the experts!

The malevolent actor, registered as “Mont4n4”, is the same one who triggered the alarm in mid-December with another sale announcement against Tiscali, that time having as its object the vulnerability itself that would have served to exfiltrate these data, that is a never fixed SQL injection. The company has also denied the presence of this vulnerability.

Data breach: practical examples of the EDPB to notify a personal data breach

As stated in the announcement, the data offered for sale would concern a list of just over 2000 login credentials for Tiscali mailboxes, a part exfiltrated from domain [.com] and a part from domain [.it]. If the news were verified it would be serious, both because it exposes the access data of the mailbox owners, and because the incident is strictly connected to the sale of the respective vulnerability still not adequately repaired.

We will continue to follow the story, given the attention that is being generated in the sector.

This is a modified version of the original article, having understood the position of the company


Leave a Comment