Coinmama, one of the largest crypto #brokerages in the global market with 1.3 million active users, suffered a #security breach on February 15.
The official statement of the #exchange disclosed that 450,000 email addresses and passwords were leaked in a massive global #hacking #attack involving 24 websites and some 747 million records.
The Coinmama team said:
Today, February 15, 2019 Coinmama was informed of a list of emails and hashed passwords that were posted on a dark web #registry. Our Security Team is investigating, and based on the #information at hand, we believe the intrusion is limited to about 450,000 email #addresses and hashed passwords of users who registered until August 5th, 2017.
This comes as part of a larger breach #affecting 24 companies and a total of 747 #million user records.
No cryptocurrencies such as Bitcoin, #Ethereum and Ripple were stolen from user wallets and the security team at Coinmama is currently investigating the alleged #attack.
NOT EXCLUSIVE TO #CRYPTO BUT COULD BE A BAD LOOK
The security breach which #Coinmama fell victim to is not exclusive to the platform or the cryptocurrency sector.
Some of the most widely utilized #platforms such as the popular dating app Coffee Meets Bagel and MyFitnessPal reportedly suffered identical #attacks.
Speaking to TechCrunch, IntSights research team leader Ariel #Ainhoren stated that the same vulnerability from previous attacks was used to break into the databases of large-scale #platforms.
Most sites affected in the breach were running#PostgreSQL database #software, and once the hacker found a way to infiltrate into the system, the hacker #downloaded the database across a wide range of sites.
We’re still analyzing it, but it could have been that he used some kind of #vulnerability that surfaced around that time and wasn’t #patched by these companies or a totally new unknown vulnerability.
As most of these #sites were not known breaches, it seems we’re# dealing here with a #hacker that did the hacks by himself, and not just someone who obtained it from somewhere else and now just #resold it.
No usernames and passwords leaked on the #dark web have been accessed by the hackers and since the #brokerage issued a statement to its users immediately after the release of the report, most users were able to change their #passwords.
However, if the database of #Coinmama dumped on the dark web had been acquired by a buyer with malicious intent, it could have led to unauthorized #withdrawals on the platform’s wallets that had not enabled two-factor #authorization (2FA).
In the short-term, the #company said that it will strengthen the security measures of the platform to prevent unauthorized access of user information and #funds.
“Adding continuous #enhancements to our systems to detect and prevent unauthorized #access to user information. Monitoring for any external #indication that the compromised data is being used, and keeping our customers notified,” the Coinmama #team noted.