Coinmarketcap hacked

[RapTarX]

there's no email or any message that contain malicious links.  So I doubt CZ claimed was right, it was just a FUD because I don't even receive emails in my inbox.

That's not how it works. Hacker will most possibly sell the email database in darkweb. The buyer can be assured that all these emails belong to people who are interested & linked with crypto. They can use the email for phishing purposes, for advertising purposes. You are unlikely to get an email instantly after the hack.
CZ claimed it as FUD? This guy can do anything to cover up their shit. Though I appreciate his business plan & success; he is not a good guy for the crypto at all in general. Can you remember the 7000 BTC hack from Binance? CZ tried his best to prevent the news from being spread everywhere & that's why he took attention to REVERSING (it's not a reverse though) the transaction with a fork even though he was certain that it's never going to happen.

[Quickseller]

Can someone tell me why emails are not encrypted or kept more securely, or what makes it more difficult to hack a password than an email?

Email addresses (and other non-password data) is normally stored in a database. The database itself will usually have permissions restrictions prevent an arbitrary person from accessing the database. The reason this information is stored in a database is so the business, in this case CMC can query this information to complete various tasks, such as emailing their customers.

A password on the other hand is typically stored in a "hashed" format. This means the actual is not actually stored, but rather the result of the password being passed into a hash function is stored. This means that someone querying the database cannot actually get the actual password, but if the correct password is entered into a query, it is trivial to confirm the correct password was entered. The reason passwords are stored this way is because there is no valid business reason for someone to query someone's password. Also, the number of people who can access even the hashed passwords is generally more restricted than other parts of the database.

CZ is denying the allegations, stating that it's only FUD.

No comment on this because I fortunately don't have a CMC account lol.



https://twitter.com/cz_binance/status/1451855293059584000

There have been a lot of hacks of various crypto services over the years. It is not inconceivable to believe that the leaked list is actually a compilation of email addresses used by crypto users.

[LTU_btc]

Didn't know you can create an account there. What the accounts are for on their platform? (Never visited their site for quite time)

You can use accounts to make a crypto watchlist and keep track of your portfolio, but people were mainly using them to claim diamonds and buy rewards (NFTs, vouchers, etc.). It's basically the same concept that Coingecko introduced some time ago with candies.

Maybe I was living under the rock for some time, but I also wasn't aware that's possible to make account on Coinmarketcap. And didn't knew about their diamonds. Well, fortunately I don't have account there, so my email isn't leaked.

CZ is denying the allegations, stating that it's only FUD.

No comment on this because I fortunately don't have a CMC account lol.

https://talkimg.com/images/2023/09/10/mqa9l.png

https://twitter.com/cz_binance/status/1451855293059584000

Offcourse, it may be just coincidence. But it's also possible that they deny these things just trying to defend their reputation.

[Stedsm]

Ridiculous how hackers try to steal data and information for their personal benefits. CMC seems to be working fine, I didn't see any kinda glitch on their site, don't know how and when this hack took place. I've got an account there, but as they claim that the passwords were not leaked, I still smell something fishy happening behind the curtain and I hope that their claims are not proven bullshit later on.

Even if our passwords are not leaked at CMC but some users whose email addresses ever got hacked (with their passwords) could be matched with the ones in the database that was received by the hacker and they may use those users' e-mail address' password, and who know if a user has used the same password here and at many places? It'll definitely ruin things for such users.

[mk4]

There have been a lot of hacks of various crypto services over the years. It is not inconceivable to believe that the leaked list is actually a compilation of email addresses used by crypto users.

Yep, never said it was impossible to be the case. It's just that there's a lot of potential reasons how there's a huge overlap between a "leaked" email list with CoinMarketCap's email list. Like how there's almost a guarantee on having a huge overlap between CoinMarketCap/CoinGecko users and Coinbase/Binance users. Something something innocent until proven guilty.

[shield132]

CZ is denying the allegations, stating that it's only FUD.

No comment on this because I fortunately don't have a CMC account lol.



https://twitter.com/cz_binance/status/1451855293059584000

Haha, this man is very shameful. They are denying what happened but at the same time are investigating? Cmon.
Btw what are partial matches? Oh, there was a leak on another website maybe on coingecko (joking of course) and somehow it happened like the emails that were leaked on another website were partial matches of the emails registered on coinmarketcap. Haha, idk if anyone believes that but probably people really believe, that's the reason why he lies.

This statement from him is done in order to act like a cool company and the CEO who works like a swiss watch, without problems.

[Darker45]

CZ is denying the allegations, stating that it's only FUD.

No comment on this because I fortunately don't have a CMC account lol.



https://twitter.com/cz_binance/status/1451855293059584000

Haha, this man is very shameful. They are denying what happened but at the same time are investigating? Cmon.
Btw what are partial matches? Oh, there was a leak on another website maybe on coingecko (joking of course) and somehow it happened like the emails that were leaked on another website were partial matches of the emails registered on coinmarketcap. Haha, idk if anyone believes that but probably people really believe, that's the reason why he lies.

This statement from him is done in order to act like a cool company and the CEO who works like a swiss watch, without problems.

LOL! This response seems familiar. Typical CZ gaming. LOL! Why is it so hard for this businessman to admit what actually happened?

There's no leak. It's simply FUD. There were partial matches on emails, though. And they're investigating. Please someone correct me if I  remember it wrong, but this is also the same response CZ provided during the 2019 Binance KYC leak. The news of the leak was fake. It was merely FUD. But there were also partial matches on the images and personal information. And they're also investigating, even offering a reward for the identification of the supposed hacker as well as VIP upgrades to the affected users.

This man doesn't appear credible at all.

[Quickseller]

There have been a lot of hacks of various crypto services over the years. It is not inconceivable to believe that the leaked list is actually a compilation of email addresses used by crypto users.

Yep, never said it was impossible to be the case. It's just that there's a lot of potential reasons how there's a huge overlap between a "leaked" email list with CoinMarketCap's email list. Like how there's almost a guarantee on having a huge overlap between CoinMarketCap/CoinGecko users and Coinbase/Binance users. Something something innocent until proven guilty.

Well I do think it would be strange for only email addresses to leak. There is typically more information that leaks when a database is compromised. I would have expected for at least IP addresses and some data about the accounts to leak.

There is a very narrow set of circumstances in which only email addresses would leak from CMC.

[ultrloa]

https://cointelegraph.com/news/coinmarketcap-hack-reportedly-leaks-3-1-million-user-email-addresses

Just a heads-up for anyone with an account there. Apparently, only the email addresses were leaked, so your account and diamonds are safe but you should still be cautious, you might start getting some phishing attacks sent to your email.

Eventhough they declare that our accounts is safe from that account we can't be so sure since there are other users especially those newbie accounts who use the same email and password for registration on a different platform so maybe there are other people do it on cmc since they think that its safe since this platform is owned by binance. So hopefully there are no victims of hacking on binance in this incident and stay away from phising guys.

[smyslov]

https://cointelegraph.com/news/coinmarketcap-hack-reportedly-leaks-3-1-million-user-email-addresses

Just a heads-up for anyone with an account there. Apparently, only the email addresses were leaked, so your account and diamonds are safe but you should still be cautious, you might start getting some phishing attacks sent to your email.

I do not have an account on Coinmarketcap but this is considered a piece of big news and a cause of concern, Coinmarketcap,  is a company owned by Binance and there are millions of users if they can hack a company owned by the biggest exchange in the industry, even small companies are at risk, those who have an account on Coinmarketcap should educate themselves on how to protect themselves on phishing emails, hackers are going to use those emails.

[Rabi3]

I created an account using a temporary email, but I assume that their database is large and it will cause a lot of losses because beginners trust the emails that are sent to them.

CoinMarketCap has become aware that batches of data have shown up online purporting to be a list of user accounts. While the data lists we have seen are only email addresses (no passwords),

Source  --> https://haveibeenpwned.com/PwnedWebsites#CoinMarketCap

The weirdest part is this quote, which means they don't know what exactly happened, and just because the password hasn't been hacked doesn't mean that customer data is safe.
I also didn't notice any new security update they made.

If they don't know exactly what happened there is a possibility that passwords were stolen but they just don't know about it and whoever hacked them kept that to himself, I am not taking any risks and my coinmarketcap password is never to be used again at least not with the same email address.

[mk4]

Well I do think it would be strange for only email addresses to leak. There is typically more information that leaks when a database is compromised. I would have expected for at least IP addresses and some data about the accounts to leak.

There is a very narrow set of circumstances in which only email addresses would leak from CMC.

Good point. My only guess is if that there was actually a leak that only consisted of emails, they're probably using some bizarre database setup specifically to prevent further damage when a leak does occur. Or maybe it was something like their newsletter database getting leaked specifically, not necessarily the emails of all accounts.

[pooya87]

LOL! This response seems familiar. Typical CZ gaming. LOL! Why is it so hard for this businessman to admit what actually happened?

HaHa. What did you expect from an idiot who when Binance got hacked started working hard for contacting a lot of mining pools begging them to 51% attack bitcoin so that they can reverse the transaction that stole bitcoin from his weak ass platform!

[Quickseller]

Well I do think it would be strange for only email addresses to leak. There is typically more information that leaks when a database is compromised. I would have expected for at least IP addresses and some data about the accounts to leak.

There is a very narrow set of circumstances in which only email addresses would leak from CMC.

Good point. My only guess is if that there was actually a leak that only consisted of emails, they're probably using some bizarre database setup specifically to prevent further damage when a leak does occur. Or maybe it was something like their newsletter database getting leaked specifically, not necessarily the emails of all accounts.

CMC published a blog post saying they believe someone compared a list of leaked email/password combinations to which of these combinations allowed them to login to CMC.

I don’t think it would really be fair to say that CMC actually leaked any information if the above is true.

[FatFork]

CMC published a blog post saying they believe someone compared a list of leaked email/password combinations to which of these combinations allowed them to login to CMC.

I don’t think it would really be fair to say that CMC actually leaked any information if the above is true.

Honestly, I don't think this is a plausible explanation, and the argument presented is far-fetched, to say the least. I think it's more like a pathetic attempt to dispel guilt by putting the blame on someone else rather than taking responsibility for yourself.

As no passwords are included in the data we have seen, we believe that it is most likely sourced from another platform where users may have reused passwords across multiple sites.

[Quickseller]

CMC published a blog post saying they believe someone compared a list of leaked email/password combinations to which of these combinations allowed them to login to CMC.

I don’t think it would really be fair to say that CMC actually leaked any information if the above is true.

Honestly, I don't think this is a plausible explanation, and the argument presented is far-fetched, to say the least. I think it's more like a pathetic attempt to dispel guilt by putting the blame on someone else rather than taking responsibility for yourself.

As no passwords are included in the data we have seen, we believe that it is most likely sourced from another platform where users may have reused passwords across multiple sites.

They also said they completed a security audit and were unable to find evidence of a security breach. I don't think it is reasonable to expect them to take responsibility if they cannot confirm the information actually came from them.