Unknown intruders have breached servers of US-based email provider VFEmail.net and destroyed all the data of its US customers in what the company has described as a "catastrophic destruction". According to VFEmail, hackers did not demand a ransom, nor attempt to steal users' confidential data, so the motive behind the damage would appear to be sabatage, although the reason is unclear at the moment. The attack occurred on 11th February and was detected after VFEmail's website and webmail client went down all of a sudden. Later, VFEmail posted a message on Twitter stating that its external-facing systems across multiple data centres had gone offline. After about two hours, the company revealed that its backup server had been formatted by an unknown attacker. The damage, Romero reported, extended to VFEmail's "entire infrastructure," including mail hosts, virtual machine hosts, and a SQL server cluster. The extent of the damage, he suggested, required the hacker to have multiple passwords. "That's the scary part."

Not 'A', an entire infrastructure.
Mail hasts, VM hosts,sql server cluster, hosted vms.
If they all had one password, sure, but they didn't. That's the scary part.

— Havokmon (@Havokmon) February 12, 2019

While VFEmail's website is now back online, its secondary domains are still not working. VFEmail owner Rick Romero posted an update to VFEmail's website, stating that the company is making all efforts to recover what user data could be salvaged. On Tuesday, Romero told KrebsOnSecurity that a backup drive hosted in The Netherlands has been recovered, but all mail for US users may have been lost for ever. He also revealed that the attacker likely operated from a server based in Bulgaria.

Yes, @VFEmail is effectively gone. It will likely not return.
I never thought anyone would care about my labor of love so much that they'd want to completely and thoroughly destroy it.

— Havokmon (@Havokmon) February 12, 2019