CoinMarketCap, a price tracking website for cryptocurrencies, has been the victim of an attack that leaked 3.1 million (3,117,548) user email addresses.
The information came to light after it was discovered that the hacked email addresses were being traded and sold online on various hacking forums, and revealed by Have I Been Pwned, a website dedicated to tracking hacks and compromised online accounts.
CoinMarketCap, a subsidiary of cryptocurrency exchange Binance, confirmed that the list of leaked user accounts matched their user base:
โCoinMarketCap has noticed that batches of data have appeared online that purport to be a list of user accounts. While the data lists we have seen are just email addresses, we have found a correlation with our subscriber base. "
While it confirmed the correlation of the 3.1 million (3,117,548) email addresses of users with its user base on October 12, the company has ensured that hackers did not gain access to any of the passwords of the users. accounts. "We have not found any evidence of a data leak from our own servers; we are actively investigating this issue and will update our subscribers as soon as we have new information," the CoinMarketCap spokesperson said.
Despite the confirmation, CoinMarketCap has yet to identify the exact cause of the hack. Responding to Cointelegraph's request for comment, CoinMarketCap said:
"Since passwords are not included in the data we have seen, we think it most likely came from another platform where users may have reused passwords across multiple sites."
Related: Hackers Take Advantage of MFA Flaw to Steal 6,000 Coinbase Customers: Report
A recent attack on the crypto exchange Coinbase resulted in the compromise of 6,000 user accounts.
The attack was the result of exploiting the exchange's multi-factor authentication (MFA) system, suggesting that hackers had access to the user's email addresses. According to Coinbase, the attackers identified a vulnerability in the account recovery process:
"In this incident, for customers using SMS text messages for two-factor authentication, the third-party took advantage of a flaw in the Coinbase SMS account recovery process to receive a two-factor authentication token for SMS and get access to your account ".
While Coinbase has yet to reveal the value of the stolen assets, the incident was supplemented by thousands of formal complaints of the account holders against the company.
Post navigation
