someone, either an attacker or insider at MintPal has come up with a way to do transactions on behalf of customers
Well, all they need is access to the database and the logs. They access the Database, find the password, log in, and complete the trade. They then log out, change the logs, and they are done.
This is so dumb that didn't bother reading the rest; you have obviously never been near the backend of any kind of web application or you'd know that:
A) Passwords are never stored in plain text, especially in a high security situation such as a bitcoin exchange.
B) If "all they had" was direct access to the database...why would they need your password? And why would they do a single trade on your account with amounted to losing you what like $20??
If the hackers had direct access to the database they could (or at least attempt to) clear out your entire balance and everyone else on the system.
They basically could do anything they want with your account without having to login or need your password.
I really hope such a thing as "KaChingCoin" does not actually exist if you are the "dev" for it.
+1 For basically all of that
Passwords in even only semi-secure sites are not stored in plain text.......
So no someone didnt grab your username, password and user agent from the DB, make a quick transaction for stuff all money and then cover their tracks.
If someone was that damned good they would have emptied the exchanges hot wallets not brought you shares that lost money.
