[ad_1]
Coinmama, one of the world's largest cryptographic brokers with 1.3 million active users, suffered a security breach on 15 February.
The official statement of the exchange revealed that 450,000 email addresses and pbadwords had been disclosed during a mbadive global hacking attack involving 24 websites and some 747 million data.
The Coinmama team said:
Today, February 15, 2019, Coinmama was informed of a list of hacked emails and pbadwords published in a dark web registry. Our security team is investigating and, based on the information we have, we believe that the intrusion is limited to approximately 450,000 email addresses and hashed pbadwords of users who have registered until August 5, 2017 .
This is part of a wider violation affecting 24 companies and a total of 747 million user registrations.
Out: #Coinmama hacked and 450,000 users were affected. Make sure you change your pbadwords if you used the site to buy Bitcoin. pic.twitter.com/2w1OyXmpoe
– Jacob Canfield? (official account) (@JacobCanfield) February 16, 2019
No cryptocurrency such as Bitcoin, Ethereum and Ripple has been stolen from users' wallets and the Coinmama security team is currently investigating the alleged attack.
Not exclusive to Crypto but could be a bad look
The security breach of which Coinmama was a victim is not exclusive to the platform or the cryptocurrency sector.
Some of the most popular platforms, such as the popular Coffee Meets Bagel dating app and MyFitnessPal, have been attacked the same way.
Sending to TechCrunch, IntSights research team leader Ariel Ainhoren said the same vulnerability of previous attacks was being used to penetrate large-scale platform databases.
Most sites affected by the breach used the PostgreSQL database software. Once the hacker found a way to infiltrate the system, he downloaded the database on a wide range of sites.
Ainhoren explained:
We are still badyzing it, but it could have used some kind of vulnerability that appeared at that time and that was not corrected by these companies, or a brand new unknown vulnerability.
Since most of these sites are not known violations, it seems like we're dealing with a hacker who has done the hacking by himself, and not just someone who got it from somebody and who has just sold it.
Hackers did not access any user names or pbadwords disclosed on the dark web. Since the brokerage sent a statement to its users immediately after the publication of the report, most users have been able to change their pbadword.
However, if the dark web-based Coinmama database had been acquired by a buyer with malicious intent, unauthorized withdrawals from the platform's portfolios would not have permitted two-factor authorization (2FA ).
In the short term, the company said that it would strengthen platform security measures to prevent unauthorized access to user information and funds.
"Add continuous improvements to our systems to detect and prevent unauthorized access to user information. Monitor any external indication that the compromised data is being used and inform our customers, "noted the Coinmama team.
Bad timing
The alleged security breach of the Coinmama database comes at a time when confidence in the cryptocurrency market was weakening due to cases such as QuadrigaCX.
Although the offense did not steal funds, the incident could further deteriorate the image of the cryptocurrency stock exchanges.
In recent months, digital badet trading has begun to be viewed as a platform with weak internal management and security measures, despite the strong history of major cryptocurrency exchanges that establish industrial standards.
Although many exchanges such as Coinbase, Binance, and Gemini have not been compromised by security or hacking, growing security issues in the cryptocurrency exchange market have heightened market concerns. .
[ad_2]
Source link
