3.1 million user emails purportedly leaked in the CoinMarketCap hack

coinmarketcap
Spread the love

According to Have I Been Pwned, 3.1 million email addresses associated with CoinMarketCap accounts were purportedly being exchanged on hacker forums.

According to reports, a hack of CoinMarketCap, a website that tracks cryptocurrency prices, resulted in the disclosure of 3.1 million (3,117,548) user email addresses.

The information was made public after Have I Been Pwned, a website devoted to tracking hacks and compromised online accounts, discovered that the stolen email addresses were being swapped and sold online on various hacker forums.

The cryptocurrency exchange Binance’s subsidiary CoinMarketCap acknowledged that the list of compromised user accounts matched its user base:

CoinMarketCap has become aware that batches of data have shown up online purporting to be a list of user accounts. While the data lists we have seen are only email addresses, we have found a correlation with our subscriber base

The company has guaranteed that the hackers did not obtain access to any of the account passwords when confirming the linkage of the 3.1 million (3,117,548) user email addresses with its user base on October 12. A spokeswoman for CoinMarketCap stated, “We have not detected any indication of a data leak from our own servers. We are actively researching this matter and will notify our users as soon as we receive any new information.”

Although the attack has been confirmed, CoinMarketCap has not yet determined its precise cause. In response to a request for comment from Cointelegraph, CoinMarketCap stated:

As no passwords are included in the data we have seen, we believe that it is most likely sourced from another platform where users may have reused passwords across multiple sites

6,000 user accounts were compromised as a result of a recent attack on the cryptocurrency exchange Coinbase.

The fact that the exchange’s multifactor authentication (MFA) mechanism was exploited led to the attack, which may indicate that the hackers had access to user email addresses. Coinbase claims that the attackers discovered a flaw in the account recovery procedure:

In this incident, for customers who use SMS texts for two-factor authentication, the third party took advantage of a flaw in Coinbase’s SMS Account Recovery process in order to receive an SMS two-factor authentication token and gain access to your account.

Although Coinbase has not officially disclosed the value of the stolen assets, thousands of account holders have filed formal complaints against the company as a result of the event.

Leave a Reply

Your email address will not be published.