• After an alleged hack, CoinMarketCap warns customers about duplicating passwords

  • Part of the findings from CoinMarketCap’s investigation into a recent hack that saw over three million email addresses, allegedly from the platform, trading on hacking forums have been released.

    The cybercriminals obtained an email address list obtained from another breach. They then compared them to other leaked data to generate a list of allegedly CoinMarketCap email addresses.

    CoinMarketCap confirms that its servers were not the source of the breach following an investigation. Instead, the platform suspects that affected users used the same password for both their CoinMarketCap and other accounts. This came after a thorough examination of their servers and the discovery of a lack of passwords among the leaked data.

    “Because no passwords were found in the data we saw, we believe it was most likely sourced from another platform where users may have reused passwords across multiple sites,” the team writes in a blog post.

    This “breach” occurred on October 12, 2021, and involved 3,117,548 email addresses. However, no monetary losses have been reported as a result of the leak. In comparison, severe incidents such as the Cryptopia attack resulted in large payouts to claimants.

    As a result, it appears unlikely that any funds will be lost in the absence of passwords.

    “We encourage everyone to practice good cybersecurity habits and use unique passwords on every site they visit,” the team says.

    Loss insurance for each hack

    CoinMarketCap is a subsidiary of the global exchange Binance. Binance paid an undisclosed sum for the company in March 2020.

    Coinbase, Binance’s direct competitor, was recently hacked using its Multi-Factor Authentication system. Over 6,000 customers’ funds were compromised as a result of compromised passwords, email addresses, and phone numbers.

    This was most likely a social engineering swindle. This is a scam in which victims unwittingly provide personal information to the hacker, which the hacker then uses.

    To their credit, Coinbase has crime insurance that can replace assets lost due to theft or cybersecurity breaches, and they were able to return the funds to user accounts. Overall, as hackers have identified cryptocurrency as a lucrative area of opportunity, this type of insurance has become increasingly necessary.

    KYC data trading thrives in hacker forums.

    Trading data on hacker forums is nothing new. In March, 8.2TB of Know-Your-Customer (KYC) data was compromised as a result of a hack against Indian payment and wallet service provider MobiKwik.

    The information was allegedly for sale on a hacker forum for 1.5 BTC. The seller set up a portal where users could search for specific results from the 8.2TB of data by entering a phone number or email address.

    What's your reaction?