Cock.li Data Breach Exposes Millions

Summary

Over one million Cock.li user records have been stolen in a data breach. The breach exposed account metadata and, for a subset of users, address-book contents, through an SQL-injection vulnerability in an outdated Roundcube webmail installation. Affected users should change their passwords and remain vigilant for targeted phishing.


Main Story

We’ve got a serious data breach to unpack today, folks. Cock.li, a smaller email hosting service, suffered a hit, and it looks like over a million users got caught in the crossfire. The culprit? An SQL-injection vulnerability in the outdated Roundcube webmail installation the service was running (Cock.li has since retired it). This allowed the attacker to pull data on a whopping 1,023,800 accounts, every account that had logged in since 2016. On top of that, around 93,000 address-book entries belonging to roughly 10,400 of those users were also taken. Ouch.

Digging Into the Breach: What Went Wrong?

So, what exactly happened? It all started with a service disruption, which understandably made users anxious about their account security. Then a hacker stepped forward, claiming to have taken two Cock.li databases and put them up for sale online for one Bitcoin. Cock.li confirmed the breach and outlined exactly what data was exposed. For every affected account that includes:

  • Email addresses
  • First and last login timestamps
  • Failed login attempts and count
  • Language preference
  • Serialized Roundcube settings and email signature

And for roughly 10,400 users it gets worse: their Roundcube address books, about 93,000 entries in total, were also taken, including contact names, email addresses, vCards and comments. The good news? Passwords were not in the stolen databases. Roundcube does not store mailbox passwords itself; it authenticates against the mail server, and that password store was kept separately. Cock.li also says email content and IP addresses weren’t part of the leak. I hope that’s true.

The Vulnerability and Cock.li’s Response

The root cause was an SQL injection vulnerability (CVE-2021-44026) in the outdated Roundcube webmail installation. CVE-2021-44026 is an injection through Roundcube’s search handling and was fixed upstream in November 2021 (Roundcube 1.3.17 and 1.4.12), so this was a known, patched bug rather than a zero-day. Honestly, it’s a bit of a facepalm moment. Cock.li said it had already stopped using the vulnerable version of Roundcube, but also admitted that better security practices could have prevented this whole mess. As a result, Roundcube is gone from their services for good. Can’t say I blame them.
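To make the bug class concrete, here is an added, constructed example. It is not Roundcube’s code and not taken from the CVE advisory; the table, its columns, the sample rows and both search functions are hypothetical stand-ins for any webmail backend that builds SQL from user input. It shows a search that splices the user’s term into the query (the flaw), two payloads that turn that search into a table dump, and the parameterised version that defeats them.

```python
"""Constructed illustration of the bug class (SQL injection) behind the
Roundcube CVE the article names.  None of this is Roundcube's code: the
table, its columns, the sample rows and the two search functions are
hypothetical stand-ins for any webmail backend that assembles SQL from
user-controlled input."""
import sqlite3

# Constructed sample rows modelled on the field list above: address,
# first/last login, failed-login count, language, serialized settings.
SAMPLE_USERS = [
    ("alice@example.com", "2016-03-01 10:00:00", "2025-06-01 08:12:00", 0,
     "en_US", 'a:1:{s:8:"timezone";s:3:"UTC";}'),
    ("bob@example.com", "2018-07-14 09:30:00", "2025-05-30 22:41:00", 3,
     "de_DE", "a:0:{}"),
    ("carol@example.com", "2020-11-02 17:05:00", "2025-06-10 12:00:00", 1,
     "en_US", "a:0:{}"),
]


def make_db():
    """In-memory SQLite database holding the constructed user table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users ("
        " user_id INTEGER PRIMARY KEY, username TEXT NOT NULL,"
        " created TEXT, last_login TEXT, failed_login_counter INTEGER,"
        " language TEXT, preferences TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, created, last_login,"
        " failed_login_counter, language, preferences)"
        " VALUES (?, ?, ?, ?, ?, ?)",
        SAMPLE_USERS,
    )
    return conn


def search_vulnerable(conn, term):
    """The flaw: the search term is spliced into the SQL text, so a quote
    in the input closes the string literal and the rest is parsed as SQL."""
    sql = ("SELECT username, last_login FROM users"
           f" WHERE username LIKE '%{term}%'")
    return conn.execute(sql).fetchall()


def _escape_like(term):
    """Neutralise LIKE wildcards so '%' and '_' in the input match literally."""
    return (term.replace("\\", "\\\\")
                .replace("%", "\\%")
                .replace("_", "\\_"))


def search_safe(conn, term):
    """The fix: the term travels as a bound parameter, never as SQL text.
    Wildcard escaping is a separate, smaller concern that binding alone
    does not solve, so it is handled explicitly with an ESCAPE clause."""
    sql = ("SELECT username, last_login FROM users"
           " WHERE username LIKE ? ESCAPE '\\'")
    return conn.execute(sql, (f"%{_escape_like(term)}%",)).fetchall()


# Two payloads an attacker would try against the vulnerable version:
# the first widens the WHERE clause to every row, the second bolts a
# UNION onto the query to pull a column the search never exposed.
PAYLOAD_ALL_ROWS = "x' OR 1=1 --"
PAYLOAD_DUMP_PREFS = "nobody' UNION SELECT username, preferences FROM users --"


def demo():
    """Run both searches against normal input and the two payloads."""
    conn = make_db()
    return {
        "normal": search_vulnerable(conn, "alice"),
        "all_rows": search_vulnerable(conn, PAYLOAD_ALL_ROWS),
        "dump_prefs": search_vulnerable(conn, PAYLOAD_DUMP_PREFS),
        "safe_normal": search_safe(conn, "alice"),
        "safe_payload": search_safe(conn, PAYLOAD_ALL_ROWS),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {len(rows)} row(s) -> {rows}")
```

The UNION payload is the one to notice: the search endpoint only ever returned addresses and login times, yet the attacker uses it to read the serialized settings column, which is exactly the kind of “extra” field that turned up in the Cock.li dump. Parameter binding closes that door; the LIKE escaping is there because a bound `%` is still a wildcard, which is a nuisance rather than an injection.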

Who Uses Cock.li, Anyway?

Now, you might be wondering, who even uses Cock.li? They market themselves to people who value privacy in their email service: folks in tech communities, people wary of the big email providers. It has also been said that the service attracts some less-than-reputable characters from the cybercriminal underworld. This breach underscores the risks of opting for less mainstream services, especially those running outdated software. A provider’s focus on anonymity and light moderation says nothing about how promptly it patches, and here the patch had been available for years.

That said, as of today, June 19, 2025, no reports of misuse of the stolen data have surfaced. Still, that doesn’t mean anyone can relax.

What You Need to Do If You’re Affected

If you happen to be a Cock.li user, here’s what I would do straight away: change your password immediately, and anywhere else you reused it. Then keep a close eye out for phishing. Your address is now out there alongside your language preference and your email signature, which is enough for an attacker to craft a convincing lure designed to steal your password or other sensitive info. Be extra careful with any unsolicited message claiming to be from Cock.li, and whatever you do, don’t click links or open attachments from unknown senders. This information is current as of today, but things could change, so keep up with new developments if your data was impacted.

In short, this Cock.li breach serves as a stark reminder that even smaller, niche services aren’t immune to cyberattacks. It’s a good idea to keep security in mind when choosing where to store your digital information, even if you’re looking for privacy and anonymity.

1 Comment

  1. The reliance on an outdated Roundcube platform highlights the critical need for timely software updates and robust vulnerability management, particularly for services handling sensitive user data. What are the broader implications for smaller, privacy-focused platforms that may lack resources for comprehensive security measures?
