Coinmama Passwords Stolen in Data Breach

Reading Time: 2 minutes

Crypto onramp Coinmama has been hit by a security breach that has seen the customer details of almost half a million users, including passwords, stolen. The Israel-based company, which allows the purchasing of major cryptocurrencies such as Bitcoin and Ethereum with debit and credit cards, said the hack was limited to about 450,000 email addresses and passwords of users who registered before August 5, 2017, and was part of a bigger hack involving hundreds of millions of user records.

841 Million User Records Compromised

Coinmama sent an email to potentially affected users Friday informing them of the hack and advising them to change their passwords immediately, before posting more information on their website about the incident, including the scale of the hack:

Today, February 15, 2019 Coinmama was informed of a list of emails and hashed passwords that were posted on a dark web registry. Our Security Team is investigating, and based on the information at hand, we believe the intrusion is limited to about 450,000 email addresses and hashed passwords of users who registered until August 5th, 2017. This comes as part of a larger breach affecting 30 companies and a total of 841 million user records.

Hacker Goes After Smaller Targets

The “dark web registry” Coinmama site is the work of one person who, over the course of one week, has infiltrated these thirty companies and put all the records up for sale, with the latest round of eight hacked sites’ data coming with a 2.6 BTC ($9,745) price tag. As well as Coinmama, the hacker has seemingly targeted smaller companies with lesser cybersecurity resources such as ClassPass, Pizap, StreetEasy, and Gfycat.

Coinmama Offers Advice to Users

As well as advising users to change their passwords immediately, Coinmama moved to reassure users that they didn’t hold payment details on file and were monitoring their servers for unusual activity. They also advised users to use unique, secure passwords, to be careful of any unexpected communication asking for personal data or links to suspicious-looking websites, and to avoid downloading attachments from suspicious emails. This information should be standard practice for all internet users, and the lack of further specific guidance suggests the leak may not be as serious as hacks on crypto exchanges like Cryptopia which have seen a significant loss of funds.