CoinMarketCap Warns Customers About Duplicating Passwords After Alleged Hack

Please fol­low and like us:
Pin Share

Coin­Mar­ket­Cap has released part of the find­ings from its inves­ti­ga­tion into a recent hack that saw over three mil­lion email address­es, alleged­ly from the plat­form, trad­ing on hack­ing forums. 

The cyber­crim­i­nals took a list of email address­es leaked in anoth­er breach. They then com­pared them with oth­er leaked data to cre­ate a list of email address­es sup­pos­ed­ly from CoinMarketCap. 

Fol­low­ing its inves­ti­ga­tion, Coin­Mar­ket­Cap con­firms its servers were not the source of the breach. Instead, the plat­form believes that affect­ed users used the same pass­word for their Coin­Mar­ket­Cap accounts and oth­er accounts. This was after a thor­ough check of their servers and a lack of pass­words among the leaked data.

“As no pass­words are includ­ed in the data we have seen, we believe that it is most like­ly sourced from anoth­er plat­form where users may have reused pass­words across mul­ti­ple sites,” says the team in a post.

The date of this “breach” was 12 Octo­ber 2021 and involved 3,117,548 email address­es. How­ev­er, no mon­e­tary loss­es have been announced due to the leak. This is in com­par­i­son to severe inci­dents like the Cryp­topia attack, where sig­nif­i­cant sums were paid to claimants.

There­fore, with­out the pos­ses­sion of pass­words, it seems unlike­ly that any funds will be lost.

“We urge every­one to adopt good cyber­se­cu­ri­ty habits and to have unique pass­words on every site they use,” the team says.

Insurance for losses for each hack

Coin­Mar­ket­Cap belongs to the glob­al exchange Binance. Binance pur­chased the com­pa­ny in March 2020 for an undis­closed price. 

Coin­base, Binance’s direct com­peti­tor, recent­ly expe­ri­enced a hack by exploit­ing its Mul­ti-Fac­tor Authen­ti­ca­tion sys­tem. Over 6,000 cus­tomers’ funds lost funds through com­pro­mised pass­words, email address­es, and phone numbers. 

This was like­ly a social engi­neer­ing scam. This is a scam where vic­tims unwit­ting­ly divulge per­son­al infor­ma­tion, which the hack­er then uses. 

To Coinbase’s cred­it, they pos­sess crime insur­ance that can replace assets lost through theft or cyber­se­cu­ri­ty breach­es, and they were able to pay back the funds into user accounts. Over­all, this kind of insur­ance has become increas­ing­ly nec­es­sary as hack­ers have iden­ti­fied cryp­tocur­ren­cy as a lucra­tive area of opportunity.

Hacker forums a breeding ground for KYC data trading

Data trad­ing on hack­er forums is noth­ing new. In March, a hack against Indi­an pay­ment and wal­let ser­vice provider MobiK­wik saw 8.2TB of Know-Your-Cus­tomer (KYC) data compromised. 

The data was alleged­ly avail­able for sale on a hack­er forum at 1.5 BTC. The sell­er set up a por­tal where a user could search by using a phone num­ber or email address and get spe­cif­ic results from the 8.2TB of data.

Disclaimer


All the infor­ma­tion con­tained on our web­site is pub­lished in good faith and for gen­er­al infor­ma­tion pur­pos­es only. Any action the read­er takes upon the infor­ma­tion found on our web­site is strict­ly at their own risk.

Source link

Please fol­low and like us:
Pin Share

Leave a Reply

Your email address will not be published. Required fields are marked *