Cyber Incident Victim: ePublic
Date: Jan 2023
Location: Italy
Summary
A database belonging to ePublic, an Italian IT provider for municipal governments, was leaked on an underground Telegram channel, exposing sensitive information from its Roundcube Webmail service. The compromised data included over 7,000 email accounts and associated hashed passwords, extracted from a database dump traced to the company's email management platform. The breach impacted multiple municipalities relying on the firm's SaaS solutions for public administration services, which are certified under Italy's AgID cloud catalog. The leaked credentials and personal information were disseminated within criminal forums, though the specific method of initial access remains unconfirmed. The incident underscores risks to public sector entities dependent on centralized third-party providers for critical communications infrastructure.
Description
On January 23, 2023, a complete database associated with Italian IT services provider ePublic was published on a prominent Telegram channel, as identified by Michele Pinassi of the Red Hot Cyber community. The leaked data corresponded to the Roundcube webmail client hosted at mail[.]epublic[.]it, which presented a login panel for an email service. ePublic, founded in 2003, specializes in providing web solutions to Italian municipalities through platforms like ComWeb and serves over 500 public administration clients nationwide. The database dump, dated January 22, 2023, contained personal information from more than 7,000 email mailboxes, including hashed passwords. Roundcube, the affected open-source email client, is a PHP application that runs on web servers such as Apache or Nginx and relies on a relational database such as MySQL or PostgreSQL.

The compromised data exposed credentials and contact details tied to ePublic’s services, which are listed in AgID’s catalog of qualified cloud providers for Italy’s public administration. ePublic’s platforms, including PiemonteWeb and ComWeb, historically provided regional information portals and standardized municipal websites. Red Hot Cyber confirmed the database’s authenticity and monitored for further developments but reported no immediate statement from ePublic regarding containment measures or forensic actions. The incident posed risks of credential misuse against Italian local government entities dependent on ePublic’s SaaS offerings. Technical specifics about the breach vector, such as exploitation of Roundcube vulnerabilities or unauthorized server access, remained unconfirmed in the available reporting.
