Coinmama, Cryptocurrency exchange just shared details that 450,000 user accounts have been compromised and details have been put up on dark web for sale, a statement from CoinMama :
Coinmama was informed of a list of emails and hashed passwords that were posted on a dark web registry. Our Security Team is investigating, and based on the information at hand, we believe the intrusion is limited to about 450,000 email addresses and hashed passwords of users who registered until August 5th, 2017
Coinmama data breach is linked with hacks where 30 companies and a total of 841 million user records appeared on dark web markets for sale. The accounts include some variations of usernames and email addresses, names, locations by country and region, account creation dates, passwords hashed in various formats, and other account information. Although no financial details have been exposed. Coinmama clarified the same
Given the dated nature of the published data, we have no reason to suspect that any other Coinmama systems are compromised. Coinmama does not store credit card information, and do not hold user funds.
How CoinMama Data was Hacked
It is unclear , how this all happened but by viewing the available data for sale , it is certain that it is one hacker or a small team of hackers who are exploiting a vulnerability which is not known a.k.a zero day.
Hacker who got Coinmama data is selling data of other hacked sites on darkweb market
According to the latest listings, the sites also include 20 million accounts from Legendas.tv, OneBip, Storybird, and Jobandtalent, as well as eight million accounts at Gfycat, 1.5 million ClassPass accounts, 60 million Pizap accounts, and another one million StreetEasy property searching accounts.The hacker is selling the eight additional hacked sites for 2.6 bitcoin, or about $9,350. InSight a security firm mentioned on this data breach :
As most of these sites were not known breaches, it seems we’re dealing here with a hacker that did the hacks by himself, and not just someone who obtained it from somewhere else and now just resold it
What CoinMama is Doing
There is not much they can do now , as the data breach already happened. Coinmama stats that they are working diligently to protect people’s privacy, including:
Email notification. Sending emails on a rolling basis on February 15, 2019 to affected customers.
Password reset. Since February 15, started expiring the passwords of customers’ accounts. They recommend that you set a new password, and change it on any other service using the same credentials (email and password).
Law enforcement. Have reported this incident to law enforcement authorities and will continue to support their investigation.
Data protection authorities. Notifying the applicable regulatory authorities of this matter.
Monitoring. Taking additional measures to monitor any suspicious activity relating to our customers’ accounts.
These are all passive measures once the damage is done. I do hope they follow-up and share the details on how the hack took place , because if they do not do that it would simply mean that they had no checks in place.
CoinMama Users Safety
If you had on account on CoinMama, it is imperative that you change your password, keeping a strong password is important but it’s also important not to use that same password on other services and once it gets exposed it is no more good.
Stay Safe !!!