Israel-based cryptocurrency brokerage Coinmama has suffered a major data breach that affected 450,000 users. The company disclosed this information in a company announcement yesterday.
The breach is part of a massive hack that spanned 24 companies and 747 million records, which according to The Register, who originally broke the story of the hack, were listed for sale on dark web site Dream Market, which is a cyber-souk located in the Tor network. For a reported sum of less than $20,000 in Bitcoin (BTC), one could purchase the complete data records of the users of many high profile companies, including Coffee Meets Bagel, Artsy, Dubsmash, and Coinmama. Initially, 620 million accounts from 16 companies were listed for sale on Dream Market, with the remaining 127 million accounts, including those from Coinmama, posted days later.
Coinmama, which allows users to purchase Bitcoin, Ether, and five other cryptocurrencies with a credit card, said that “450,000 email addresses and hashed passwords” of users who registered on the platform before August 5th, 2017 were listed for sale on the dark web:
“As of February 15, 2019, there has been no evidence of this data being used by perpetrators. Given the dated nature of the published data, we have no reason to suspect that any other Coinmama systems are compromised. Coinmama does not store credit card information.”
Coinmama says its response team is now requiring all users to reset their passwords upon logging in. Like many sites, it also encourages its users to make sure their passwords are not easily guessable, and to avoid opening emails and attachments from senders they do not know.
While the hack affected a number of companies, the majority of which are not crypto or blockchain-based businesses, it opens up a fresh wound made by the Cryptopia hack last month, in which tens of thousands of Ethereum and ERC-20 token wallets were hacked, with losses estimated to be in the range of $23 million.