Coinmama Hacked 450,000 Users Affected in Massive Worldwide Breach

[kkgfhj123]

Today, February 15, 2019 Coinmama was informed of a list of emails and hashed passwords that were posted on a dark web registry. Our Security Team is investigating, and based on the information at hand, we believe the intrusion is limited to about 450,000 email addresses and hashed passwords of users who registered until August 5th, 2017.

This comes as part of a larger breach affecting 24 companies and a total of 747 million user records.

https://www.ccn.com/breaking-major-crypto-brokerage-coinmama-hacked-450000-users-affected-in-massive-worldwide-breach

Few precautions after serious of hacks(cryptopia, localbitcoin, coinmama) :
1. Please avoid keeping your funds in exchanges
2. Use hardware wallet
3. Do not share your private key
4. Prefer using non-custodial exchanges like CoinSwitch, Changelly etc.,
5. Avoid KYC as much as you can.

[bitfocus]

shit! are the funds secured? any casualties ( i mean fund casualties)?

[Lucius]

From what is written in the article for now there has been no theft of any cryptocurrency, but users are warned to change their passwords. This is not only site which is report hack, and it seems hacker is found a vulnerability in PostgreSQL database software and stole many databases.

Users who not use 2FA could be particularly vulnerable, so it is best to change password and enable 2FA as soon as possible.

[kram31]

Users who not use 2FA could be particularly vulnerable, so it is best to change password and enable 2FA as soon as possible

Never forget to set 2fa on every account you have!
this will make your 3nd gate of security much strongerm though if the exchange was hacked then i dont think so.
There are so many hacking issues now, i hope there will be bug bounties and security to be done in every exchange like what coinbase is doing now!

[kkgfhj123]

Users who not use 2FA could be particularly vulnerable, so it is best to change password and enable 2FA as soon as possible

Never forget to set 2fa on every account you have!
this will make your 3nd gate of security much strongerm though if the exchange was hacked then i dont think so.
There are so many hacking issues now, i hope there will be bug bounties and security to be done in every exchange like what coinbase is doing now!

From what is written in the article for now there has been no theft of any cryptocurrency, but users are warned to change their passwords. This is not only site which is report hack, and it seems hacker is found a vulnerability in PostgreSQL database software and stole many databases.

Users who not use 2FA could be particularly vulnerable, so it is best to change password and enable 2FA as soon as possible.

I do not think 2FA will solve the problem for the fullest. There are users who's 2FA was hacked.

Unit 42, the global threat intelligence team at Palo Alto Network, discovered Mac malware that can steal cookies linked to crypto exchanges and wallets.

The Unit 42 team said:

“By leveraging the combination of stolen login credentials, web cookies, and SMS data, based on past attacks like this, we believe the bad actors could bypass multi-factor authentication for these sites. If successful, the attackers would have full access to the victim’s exchange account and/or wallet and be able to use those funds as if they were the user themselves.”

You can refer to the complete news here: https://www.ccn.com/mac-malware-steal-crypto-from-exchanges-wallets

After all such news how can we trust on 2FA. Please share what you think.

[Lucius]

kkgfhj123, what you post is related to crypto malware specifically related to Mac users. Hack of Coinmama and more the 20 web sites is related to hacking of databases, and every user can change passwords to prevent possible hacking of account. I think in this case (with hacked database) 2FA can not be bypassed, and because of that they say that such accounts are safer than those who are only protected with password.

The reports say this is the same hacker who hack some sites before and selling them on dark web for 20 000$ in bitcoin. Now he is asking 14 500$ for data hacked just few days ago. Considering amount of data it sells them pretty cheaply, but he/she still need to find buyer.

Hacker who stole 620 million records strikes again, stealing 127 million more

[hugeblack]

The reports say this is the same hacker who hack some sites before and selling them on dark web for 20 000$ in bitcoin. Now he is asking 14 500$ for data hacked just few days ago. Considering amount of data it sells them pretty cheaply, but he/she still need to find buyer.

Add to that the seller sells data based on the user data and the difficulty in cracking password hashes, which means you are safe if you modify the password quickly.
The reason for the hacking does not seem to have been mentioned at the top, in related to the large number of hacked accounts, read more about that here: https://www.zdnet.com/article/127-million-user-records-from-8-companies-put-up-for-sale-on-the-dark-web/

[icalical]

Today, February 15, 2019 Coinmama was informed of a list of emails and hashed passwords that were posted on a dark web registry. Our Security Team is investigating, and based on the information at hand, we believe the intrusion is limited to about 450,000 email addresses and hashed passwords of users who registered until August 5th, 2017.

This comes as part of a larger breach affecting 24 companies and a total of 747 million user records.

https://www.ccn.com/breaking-major-crypto-brokerage-coinmama-hacked-450000-users-affected-in-massive-worldwide-breach

Few precautions after serious of hacks(cryptopia, localbitcoin, coinmama) :
1. Please avoid keeping your funds in exchanges
2. Use hardware wallet
3. Do not share your private key
4. Prefer using non-custodial exchanges like CoinSwitch, Changelly etc.,
5. Avoid KYC as much as you can.

These precautions are not applicable for traders, we mostly keep a quite amount of money in exchange so we can execute trade order immediately. For trader the thing that we need to avoid is to register using the same email and password that is registered in our exchange platform.

The most common way to get our email and password is by making fake giveaway or airdrop, and ask people to register using email and password, some of us still using the same email and password for every kind of situation. We should not do that

[jossiel]

I'm not a customer of coinmama but these hacks do happen recently. They are targeting each of these popular exchanges and if someone there hasn't changed your password or doesn't implement 2FA with your accounts, follow what Lucius has been suggesting.

Users who not use 2FA could be particularly vulnerable, so it is best to change password and enable 2FA as soon as possible.

[bL4nkcode]

I wonder if this password hashes are possible to decrypt by brute force method.

To all who has an account of any exchange site always use a layered security, enabling 2fa and strong combination of password is a best practice.

[magneto]

Today, February 15, 2019 Coinmama was informed of a list of emails and hashed passwords that were posted on a dark web registry. Our Security Team is investigating, and based on the information at hand, we believe the intrusion is limited to about 450,000 email addresses and hashed passwords of users who registered until August 5th, 2017.

This comes as part of a larger breach affecting 24 companies and a total of 747 million user records.

https://www.ccn.com/breaking-major-crypto-brokerage-coinmama-hacked-450000-users-affected-in-massive-worldwide-breach

Few precautions after serious of hacks(cryptopia, localbitcoin, coinmama) :
1. Please avoid keeping your funds in exchanges
2. Use hardware wallet
3. Do not share your private key
4. Prefer using non-custodial exchanges like CoinSwitch, Changelly etc.,
5. Avoid KYC as much as you can.

Yikes. That's a big breach.

All the points that you made are excellent and I think that anyone who is using an exchange should follow them. As you said, I usually don't do KYC unless there is an absolute need to, because of the fact that you never know who your information is going to be shared with, whether it's going breached (even though this breach apparently only involved usernames and passwords). Also, use different passwords each time you sign up to something and keep track of what sites you're signing up to. That way, your other accounts won't be affected when a breach occurs.

However, I wouldn't consider non-custodial exchanges to be failsafe. They are also risky in terms of forcing you to take KYC, but they do give your funds instantly if the transaction does go smoothly. As long as no funds are stored on an exchange for an extended period of time, usually there are no issues.

I think that monetary losses on Coinmama's end are inevitable, even though they may not be reported now. I doubt the attacker only wants to sell the information when he can get much more from hacking into the accounts and withdrawing. Hopefully Coinmama is taking appropriate action.

[Zalaster]

Few precautions after serious of hacks(cryptopia, localbitcoin, coinmama) :
1. Please avoid keeping your funds in exchanges
2. Use hardware wallet
3. Do not share your private key
4. Prefer using non-custodial exchanges like CoinSwitch, Changelly etc.,
5. Avoid KYC as much as you can.

I absolutely agree with you. Keeping funds in your account is risky, so lately I prefer services without registration. I had problems blocking my Bittrex account, which made me look for new ways. I use Binance as well, but I don’t keep a lot of funds there. Also used CoinSwitch and ChangeNOW. As for KYC, you can avoid it by making small exchanges (~1 BTC)

[Tamilson]

shit! are the funds secured? any casualties ( i mean fund casualties)?

The report says that no funds were stolen and it's all safe. And no usernames and passwords leaked on the darkweb, good thing coinmama immediately act as they urgently advice their users to change their password.
So if you guys use it before to buy bitcoin better to change your password immediately and yes a 2fa. And better to link your account to email address for added security.

Better be safe than sorry.