Coinmama, one of the largest platforms in the industry for buying cryptocurrencies, fell victim to a detrimental hack, that resulted in a massive security breach.
A week ago, a hacker or a group of hackers whose identities are unknown put the account details from 24 breached websites up for sale on the Darknet. For less than $20,000 in Bitcoin, the seller offered access to the personal information of about 750 million users from such websites and apps like MyFitnessPal, Coffee Meets Bagel, Dubsmash and Armor Games, among others.
While the majority of the data was stolen throughout 2017 and 2018, the attacker had not put the information up for sale until now. Moreover, the list of breached companies was extended to 30 totaling nearly 841 million personal accounts which had been affected.
Coinmama Not Spared
The cryptocurrency brokerage platform with over 1.3 million active users confirmed that that email addresses and hashed passwords of about 450,000 users might have been leaked to the hacker as a part of this massive attack.
The attackers did not steal any cryptocurrency from users’ accounts, but the security team of the company is investigating the accident to identify the nature and scope of the intrusion. The experts believe that only accounts registered before Aug 5, 2017, were compromised. The company urged the customers at risk to change their passwords on Coinmama as well as any services where they use the same login details.
According to Coinmama, the hacker did not use the obtained personal data, while a timely statement and an email warning distributed by the company, allowing users to change their passwords. The exchange also confirmed that no other systems were affected.
Reason to Panic?
The company assures its customers have no reason to worry about their funds as Coinmama does not store information related to credit cards or bank accounts.
However, if someone buys the database with users’ credentials, it may get access to wallets with disabled two-factor authorization (2FA) to initiate unauthorized withdrawals.
How to Protect Yourself
While the company is monitoring the systems for suspicious activity and taking extra measures to strengthen its security systems, users should also take steps to protect their own information.
Coinmama will ask potentially affected users to change their passwords at the next login. However, this case is a good reminder for everyone to make sure that their password is at least eight characters, and has a mixture of symbols of both upper and lower case. This is nothing new, but it is incredible how many people use their birthday as a password to their financial services.
Apart from that, Coinmama reminds users to be wary of any unexpected communication that asks for their data and never click on links or download attachments from suspicious emails.
Are you affected by Coinmama’s security breach? Do you think this accident will erode the platform’s reputation? Let us know your thoughts in the comments below!