On June 17, 2025, Cock.li, a free email service provider in Germany, confirmed that its platform had suffered a data breach. Attackers exploited vulnerabilities in an outdated version of the Roundcube webmail system to steal the records of more than 1.02 million users.
The leak affects all users who have logged into Cock.li email since 2016, as well as approximately 93,000 items of contact information. The leaked content includes email addresses, login timestamps, login failure times, language settings, and contact details for some accounts, but does not include passwords, email content, or IP addresses.
Cock.li operator Vincent Canfield stated that the attackers may have exploited CVE-2021-44026, a SQL injection vulnerability in Roundcube, to carry out the intrusion. Shortly after the incident, threat actors began selling the related databases, with the lowest bid being one Bitcoin. Cock.li subsequently released a statement on its official website confirming that the attack was genuine and announcing that it will permanently remove the Roundcube service to prevent similar incidents from happening again.
Cock.li is known for its emphasis on privacy and its loose management, and it is popular with the information security community and with some cybercrime groups. The breach has also drawn outside attention, since the exposed information may help law enforcement agencies identify some malicious users.
Cock.li recommends that all users change their passwords immediately and notes that some accounts containing third-party contact information will receive separate notifications. The service provider admitted that the incident could have been avoided through stricter security management and said it will strengthen platform protection in the future. For now, users need to continue accessing the email service through an IMAP or SMTP/POP3 client.

