Home GDPR #Privacy: Over 2.2m gaming and cryptocurrency passwords dumped online
GDPR - November 20, 2019

#Privacy: Over 2.2m gaming and cryptocurrency passwords dumped online

The personal information and passwords of more than 2.2 million users have been published online.

Security researcher, Troy Hunt, told Ars Technica on Tuesday, that users of GateHub a cryptocurrency wallet service and EpicBot, a gaming bot provider, had their information posted online despite being heavily encrypted.

Hunt uncovered databases online with as many as 1.4 million accounts from Gatehub, and 800,000 EpicBot accounts – all containing emails and passwords that were cryptographically hashed with technology named bcrypt.

GateHub released a statement in the summer confirming that it had been hacked, and that the perpetrator “gained unauthorized access to a database holding valid access tokens of our customers.” GitHub stated that the tokens were used to access 18,473 encrypted customer accounts. However, the recent findings show that the breach was much bigger than previously thought.

Rather than obtaining only access tokens, the perpetrators also gained access to email addresses, password hashes, mnemonic phrases and possibly wallet hashes.

The data stolen from the EpicBot leak, was published onto the same hacker forum as GateHub, and contained roughly 800,000 unique email addresses, usernames, bcrypt-hashed passwords and IP addresses

The company has not mentioned the breach on its website. Hunt’s announcement of the leak appears to be the best evidence to show that the breach did occur.

EpicBot users are urged to change their passwords as soon as possible, whilst GateHub users are urged to replace their mnemonic phrases.

The post #Privacy: Over 2.2m gaming and cryptocurrency passwords dumped online appeared first on PrivSec Report.

Source link

Leave a Reply

Your email address will not be published. Required fields are marked *

Check Also

Security awareness training: A business-critical function for the logistics and transportation industries

Maintaining security awareness is something that many companies struggle to maintain, part…