Bitcoin Forum
November 02, 2024, 10:12:46 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Coinmama Hacked 450,000 Users Affected in Massive Worldwide Breach  (Read 191 times)
kkgfhj123 (OP)
Jr. Member
*
Offline Offline

Activity: 56
Merit: 4


View Profile
February 16, 2019, 12:13:24 PM
 #1

Today, February 15, 2019 Coinmama was informed of a list of emails and hashed passwords that were posted on a dark web registry. Our Security Team is investigating, and based on the information at hand, we believe the intrusion is limited to about 450,000 email addresses and hashed passwords of users who registered until August 5th, 2017.

This comes as part of a larger breach affecting 24 companies and a total of 747 million user records.

https://www.ccn.com/breaking-major-crypto-brokerage-coinmama-hacked-450000-users-affected-in-massive-worldwide-breach

Few precautions after serious of hacks(cryptopia, localbitcoin, coinmama) :

1. Please avoid keeping your funds in exchanges
2. Use hardware wallet
3. Do not share your private key
4. Prefer using non-custodial exchanges like CoinSwitch, Changelly etc.,
5. Avoid KYC as much as you can.

bitfocus
Member
**
Offline Offline

Activity: 532
Merit: 15


View Profile
February 16, 2019, 01:34:45 PM
 #2

shit! are the funds secured? any casualties ( i mean fund casualties)?
Lucius
Legendary
*
Offline Offline

Activity: 3416
Merit: 6137


Crypto Swap Exchange🈺


View Profile WWW
February 16, 2019, 02:10:53 PM
 #3

From what is written in the article for now there has been no theft of any cryptocurrency, but users are warned to change their passwords. This is not only site which is report hack, and it seems hacker is found a vulnerability in PostgreSQL database software and stole many databases.

Users who not use 2FA could be particularly vulnerable, so it is best to change password and enable 2FA as soon as possible.

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
kram31
Full Member
***
Offline Offline

Activity: 791
Merit: 139



View Profile
February 16, 2019, 02:47:51 PM
 #4

Quote
Users who not use 2FA could be particularly vulnerable, so it is best to change password and enable 2FA as soon as possible

Never forget to set 2fa on every account you have!
this will make your 3nd gate of security much strongerm though if the exchange was hacked then i dont think so.
There are so many hacking issues now, i hope there will be bug bounties and security to be done in every exchange like what coinbase is doing now!
kkgfhj123 (OP)
Jr. Member
*
Offline Offline

Activity: 56
Merit: 4


View Profile
February 17, 2019, 05:09:33 AM
 #5

Quote
Users who not use 2FA could be particularly vulnerable, so it is best to change password and enable 2FA as soon as possible

Never forget to set 2fa on every account you have!
this will make your 3nd gate of security much strongerm though if the exchange was hacked then i dont think so.
There are so many hacking issues now, i hope there will be bug bounties and security to be done in every exchange like what coinbase is doing now!

Quote
From what is written in the article for now there has been no theft of any cryptocurrency, but users are warned to change their passwords. This is not only site which is report hack, and it seems hacker is found a vulnerability in PostgreSQL database software and stole many databases.

Users who not use 2FA could be particularly vulnerable, so it is best to change password and enable 2FA as soon as possible.

I do not think 2FA will solve the problem for the fullest. There are users who's 2FA was hacked.

Unit 42, the global threat intelligence team at Palo Alto Network, discovered Mac malware that can steal cookies linked to crypto exchanges and wallets.

The Unit 42 team said:

“By leveraging the combination of stolen login credentials, web cookies, and SMS data, based on past attacks like this, we believe the bad actors could bypass multi-factor authentication for these sites. If successful, the attackers would have full access to the victim’s exchange account and/or wallet and be able to use those funds as if they were the user themselves.”

You can refer to the complete news here: https://www.ccn.com/mac-malware-steal-crypto-from-exchanges-wallets

After all such news how can we trust on 2FA. Please share what you think.
Lucius
Legendary
*
Offline Offline

Activity: 3416
Merit: 6137


Crypto Swap Exchange🈺


View Profile WWW
February 17, 2019, 11:39:56 AM
 #6

kkgfhj123, what you post is related to crypto malware specifically related to Mac users. Hack of Coinmama and more the 20 web sites is related to hacking of databases, and every user can change passwords to prevent possible hacking of account. I think in this case (with hacked database) 2FA can not be bypassed, and because of that they say that such accounts are safer than those who are only protected with password.

The reports say this is the same hacker who hack some sites before and selling them on dark web for 20 000$ in bitcoin. Now he is asking 14 500$ for data hacked just few days ago. Considering amount of data it sells them pretty cheaply, but he/she still need to find buyer.

Hacker who stole 620 million records strikes again, stealing 127 million more

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
hugeblack
Legendary
*
Offline Offline

Activity: 2688
Merit: 3952



View Profile WWW
February 17, 2019, 05:35:03 PM
 #7

The reports say this is the same hacker who hack some sites before and selling them on dark web for 20 000$ in bitcoin. Now he is asking 14 500$ for data hacked just few days ago. Considering amount of data it sells them pretty cheaply, but he/she still need to find buyer.
Add to that the seller sells data based on the user data and the difficulty in cracking password hashes, which means you are safe if you modify the password quickly.
The reason for the hacking does not seem to have been mentioned at the top, in related to the large number of hacked accounts, read more about that here: https://www.zdnet.com/article/127-million-user-records-from-8-companies-put-up-for-sale-on-the-dark-web/

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
icalical
Sr. Member
****
Online Online

Activity: 1456
Merit: 278


Fully Regulated Crypto Casino


View Profile WWW
February 18, 2019, 12:14:33 AM
 #8

Today, February 15, 2019 Coinmama was informed of a list of emails and hashed passwords that were posted on a dark web registry. Our Security Team is investigating, and based on the information at hand, we believe the intrusion is limited to about 450,000 email addresses and hashed passwords of users who registered until August 5th, 2017.

This comes as part of a larger breach affecting 24 companies and a total of 747 million user records.

https://www.ccn.com/breaking-major-crypto-brokerage-coinmama-hacked-450000-users-affected-in-massive-worldwide-breach

Few precautions after serious of hacks(cryptopia, localbitcoin, coinmama) :

1. Please avoid keeping your funds in exchanges
2. Use hardware wallet
3. Do not share your private key
4. Prefer using non-custodial exchanges like CoinSwitch, Changelly etc.,
5. Avoid KYC as much as you can.


These precautions are not applicable for traders, we mostly keep a quite amount of money in exchange so we can execute trade order immediately. For trader the thing that we need to avoid is to register using the same email and password that is registered in our exchange platform.

The most common way to get our email and password is by making fake giveaway or airdrop, and ask people to register using email and password, some of us still using the same email and password for every kind of situation. We should not do that


█████████████████████████▄▄▄
████████████████████████▐███▌
█████████████████████████▀▀▀
██▄▄██▄████████████████████████▄███▄
▐██████▐█▌████▌███▌▐███▐███▀▀████▌
▀▀███▌██▌▐████▌▐███
█████▌███▌██████▌
██▐██████████████████▐███▐██████▐███
█████▌████████▐██████████▌███▌██████▌
███▀▀████▀▀████▀▀▀█████▀▀███▀▀█████▀▀


▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
|
▄▄█████████████████▄▄
███████████████████████
██████████▀▀▀▀▀██████████
███████▀░▄█████▄░▀███████
██████░▄█▀░░▄░░▀█▄░██████
█████░██░░▄███▄░░██░█████
█████░██░███████░██░█████
█████░██░░▀▀█▀▀░░██░█████
██████░▀█▄░▀▀▀░▄█▀░██████
███████▄░▀█████▀░▄███████
██████████▄▄▄▄▄██████████
███████████████████████
▀▀█████████████████▀▀
 
LICENSED CRYPTO
CASINO & SPORTS
|
▄▄█████████████████▄▄
███████████████████████
█████████████████████████
███████████████▀▀████████
███████████▀▀█████▐█████
███████▀▀████▄▄▀█████████
█████▄▄██▄▄██▀████▐██████
███████████▀█████████████
██████████▄▄███▐███████
███████████████▄████████
█████████████████████████
███████████████████████
▀▀█████████████████▀▀
 
TELEGRAM
APP
|
WELCOME BONUS
500% + 70 FS
 
██████
██
██
██
██
██
██
██
██
██
██
██
██████
 
PLAY NOW
██████
██
██
██
██
██
██
██
██
██
██
██
██████
jossiel
Hero Member
*****
Offline Offline

Activity: 3164
Merit: 636


DGbet.fun - Crypto Sportsbook


View Profile
February 18, 2019, 08:30:35 AM
 #9

I'm not a customer of coinmama but these hacks do happen recently. They are targeting each of these popular exchanges and if someone there hasn't changed your password or doesn't implement 2FA with your accounts, follow what Lucius has been suggesting.

Users who not use 2FA could be particularly vulnerable, so it is best to change password and enable 2FA as soon as possible.

bL4nkcode
Copper Member
Legendary
*
Offline Offline

Activity: 2142
Merit: 1307


Limited in number. Limitless in potential.


View Profile
February 18, 2019, 09:21:46 AM
 #10

I wonder if this password hashes are possible to decrypt by brute force method.

To all who has an account of any exchange site always use a layered security, enabling 2fa and strong combination of password is a best practice.
magneto
Hero Member
*****
Offline Offline

Activity: 1666
Merit: 753


View Profile
February 18, 2019, 07:23:12 PM
 #11

Today, February 15, 2019 Coinmama was informed of a list of emails and hashed passwords that were posted on a dark web registry. Our Security Team is investigating, and based on the information at hand, we believe the intrusion is limited to about 450,000 email addresses and hashed passwords of users who registered until August 5th, 2017.

This comes as part of a larger breach affecting 24 companies and a total of 747 million user records.

https://www.ccn.com/breaking-major-crypto-brokerage-coinmama-hacked-450000-users-affected-in-massive-worldwide-breach

Few precautions after serious of hacks(cryptopia, localbitcoin, coinmama) :

1. Please avoid keeping your funds in exchanges
2. Use hardware wallet
3. Do not share your private key
4. Prefer using non-custodial exchanges like CoinSwitch, Changelly etc.,
5. Avoid KYC as much as you can.

Yikes. That's a big breach.

All the points that you made are excellent and I think that anyone who is using an exchange should follow them. As you said, I usually don't do KYC unless there is an absolute need to, because of the fact that you never know who your information is going to be shared with, whether it's going breached (even though this breach apparently only involved usernames and passwords). Also, use different passwords each time you sign up to something and keep track of what sites you're signing up to. That way, your other accounts won't be affected when a breach occurs.

However, I wouldn't consider non-custodial exchanges to be failsafe. They are also risky in terms of forcing you to take KYC, but they do give your funds instantly if the transaction does go smoothly. As long as no funds are stored on an exchange for an extended period of time, usually there are no issues.

I think that monetary losses on Coinmama's end are inevitable, even though they may not be reported now. I doubt the attacker only wants to sell the information when he can get much more from hacking into the accounts and withdrawing. Hopefully Coinmama is taking appropriate action.
Zalaster
Member
**
Offline Offline

Activity: 308
Merit: 13


View Profile WWW
February 22, 2019, 10:26:45 AM
 #12


Few precautions after serious of hacks(cryptopia, localbitcoin, coinmama) :

1. Please avoid keeping your funds in exchanges
2. Use hardware wallet
3. Do not share your private key
4. Prefer using non-custodial exchanges like CoinSwitch, Changelly etc.,
5. Avoid KYC as much as you can.
I absolutely agree with you. Keeping funds in your account is risky, so lately I prefer services without registration. I had problems blocking my Bittrex account, which made me look for new ways. I use Binance as well, but I don’t keep a lot of funds there. Also used CoinSwitch and ChangeNOW. As for KYC, you can avoid it by making small exchanges (~1 BTC)
Tamilson
Hero Member
*****
Offline Offline

Activity: 1022
Merit: 503



View Profile
February 26, 2019, 10:42:56 AM
 #13

shit! are the funds secured? any casualties ( i mean fund casualties)?

The report says that no funds were stolen and it's all safe. And no usernames and passwords leaked on the darkweb, good thing coinmama immediately act as they urgently advice their users to change their password.
So if you guys use it before to buy bitcoin better to change your password immediately and yes a 2fa. And better to link your account to email address for added security.

Better be safe than sorry.

Happy Coding Life Smiley
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!