The Israel-based crypto brokerage Coinmama, which allows users to buy Bitcoin and Ethereum using a Credit Card, has suffered a massive data breach affecting 450,000 of its users.
The incident came into light in an official company announcement on February 15.
The data breach is purportedly a part of mammoth, multi-platform hack which affected 24 companies and a total of 747 million records, among them travel booking, gaming and streaming sites.
The official statement of the exchange disclosed a list of around “450,000 email addresses stolen and passwords compromised” of users who registered on its platform before August 5th, 2017 have been posted on a dark web registry –
“As of February 15, 2019, there has been no evidence of this data being used by perpetrators. Given the dated nature of the published data, we have no reason to suspect that any other Coinmama systems are compromised. Coinmama does not store credit card information.”
Besides notifying the users immediately, Coinmama says that its response team is requiring all potentially affected users to reset their passwords upon login, as well as monitoring its systems for suspicious activity or any unauthorized access.
The platform says that it’s working not just on enhancing its safeguards but also tracking any external signals that the compromised data is being used.
Aside from new password requirements for the potential victims of the data breach, the site requests all its users to make sure that their passwords are robust and unique, and to avoid opening emails or any attachments from unknown senders, or offering any personal data to any third party sites.
Although the data breach caused not only Coinmama, but a gamut of other companies outside the crypto sector. The hack represents the second high-profile system compromise in the industry this year.
On January 15, tens of thousands of Ethereum wallets hosted by New Zealand-based cryptocurrency exchange, Cryptopia, were hacked, which led to losses assessed to be worth up to $23 million with the breach continuing for a few weeks after the incident detection.
According to the recent reports from New York-based blockchain intelligence firm, Chainalysis, it is estimated that two organized hacker groups have reportedly stolen around $1 billion in cryptocurrency, accounting for the majority of funds lost in crypto-related scams.