The team at Coinmama has notified users of the crypto brokerage platform that it suffered a security breach that has resulted in customer data being available for sale on a dark web registry. The data included a list of about 450,000 emails and hashed passwords belonging to users who registered until August 5th, 2017. The team at Coinmama also explained that the security issue is part of a bigger breach that affected 24 companies and a total of 747 million user accounts.
Coinmama explains that they are investigating the matter and believe there is no evidence that the data has been used by the hackers. They have created an Incident Response Team to identify the nature and scope of the breach. Consultations have also been sought from leading cyber-security firms. The following steps are being taken to continue protecting their customers.
- Notifying users affected by this breach with steps to safeguard their accounts and protect their data
- Requiring users affected to reset their password upon their next login. All other users are urged to verify that their passwords are unique and strong
- Continue monitoring Coinmama systems for suspicious activity
- Adding continuous enhancements to Coinmama systems to detect and prevent unauthorized access to user information
- Monitoring if the compromised data is being used, and keeping our customers notified
More on the Larger Breach Affecting 24 Companies
Earlier this week, personal information from 620 million users from 16 companies was put up for sale on Dream Market, a dark web marketplace. A second batch of hacked data with 127 million user records from 8 companies was later placed on sale by the same individual, who goes by the name of Gnosticplayers. 6 of the initial 16 sites were running PostgreSQL as their back-end database software. After exploiting a bug, the hacker was able to dump the database to a file and download it.
According to TechCrunch, the records from the recently affected 8 companies are as follows:
- 18 million records from Ixigo
- 40 million records stolen from YouNow
- Houzz with 57 million records stolen
- Ge.tt, 1.8 million accounts stolen
- 450,000 records from Coinmama
- 4 million records listed from Roll20
- 5 million records from Stronghold Kingdoms
- 1 million records from PetFlow
According to ZDNet.com, the 16 companies initially affected and their record counts are as follows:
- Dubsmash – 162 million
- MyFitnessPal – 151 million
- MyHeritage – 92 million
- ShareThis – 41 million
- HauteLook – 28 million
- Animoto – 25 million
- EyeEm – 22 million
- 8fit – 20 million
- Whitepages – 18 million
- Fotolog – 16 million
- 500px – 15 million
- Armor Games – 11 million
- BookMate – 8 million
- CoffeeMeetsBagel – 6 million
- Artsy – 1 million
- DataCamp – 700,000