More than 2.2 million users of two cryptocurrency websites got their passwords and sensitive personal information posted online.
The information, which contains not only passwords but other sensitive information about the users of the two websites.
GateHub Cryptocurrency Website Hacked
A cryptocurrency website, GateHub Cryptocurrency wallet service is one of the websites in question, which had about 1.4 million of their users’ information posted. Also, not less than 800,000 personal information of users of Runescape bot provider EpicBot was part of the information released.
The bcrypt cryptography hash of the passwords wasn’t enough to stop the malicious hacker in carrying out their act.
At least three months to the act, the cryptocurrency site GateHub had announced publicly that their servers have been hacked into. However_ it seems they have little idea of what damage the hackers did.
According to their report, the hackers were able to get away with just 18,473 accounts. They also reported that the hackers only had access to the victims’ hashed passwords, hashed recovery keys, encrypted XRP ledger wallets secret keys, and their names.
However, the information recently released to the unnamed media revealed that the number of affected accounts is not 18,000 as claimed, but 1.4 million.
In response to this incident, an anonymous member of GateHub’s security team wrote to inform the users about their knowledge of the incident. He assured them that the database is being authenticated to verify it, and assured them that re-encryption will be introduced to all accounts.
Finally, all EpicBot users are encouraged to change their passwords and any personal information they may have uploaded to the website, or leave the website completely. All efforts to reach the EpicBot officials proved abortive, suggesting they have no regard for user privacy.
However, how the perpetrator got the 3.72GB size information leaked and real identities of the hacker remains a puzzle yet to be solved.