Passwords and other sensitive data belonging to 1.4 million GateHub cryptocurrency wallet users was dumped online, a new report has revealed. The data was accessed after a breach on the wallet some months ago which the company revealed. The report has revealed that the hackers were able to access email addresses, passwords, mnemonic phrases and more.
The Ars Technica report revealed that the breach also affected EpicBot, a bot provider for the popular online game RuneScape. Altogether, the hackers dumped data for over 2.2 million users of both platforms on RaidForums, a widely visited hacker site.
GateHub was been the unfortunate target of a number of hacker attacks. In June, hackers managed to get access to 100 XRP Ledger wallets on the platform, and got away with over $10 million. However, it was in a second breach when the attackers were able to access sensitive user information including email addresses and passwords.
GateHub came out at the time of the hack and confirmed that information belonging to just over 18,000 users had been accessed. The company revealed that it had contacted the affected users and advised them to change their credentials. However, according to the latest report, the breach had been grossly downplayed, from the number of affected accounts to the extent of the information that the hackers accessed.
According to the report, “rather than obtaining only access tokens, the attackers also took 2FA keys, email addresses, password hashes, mnemonic phrases, and possibly wallet hashes.”
Despite the recent data dump, GateHub insists that it wasn’t as bad as thought. In an email, a member of the company’s security team stated that “the alleged GateHub database is being thoroughly examined by our team, therefore, we are unable to confirm its authenticity at this time.”
However, he still insisted that the hackers never accessed user wallet hashes.
“From what we have gathered so far, it does not contain wallet hashes. As mentioned before, we are still verifying its authenticity.”
For the affected users, Ars Technica advised:
“To ward off the growing threat of credential stuffing attacks, users of both sites should also change passwords for any other sites that used the compromised credentials. Users should also be on the alert for spear phishing and other forms of attack that make use of their personal information.”
New to Bitcoin? Check out CoinGeek’s Bitcoin for Beginners section, the ultimate resource guide to learn more about Bitcoin—as originally envisioned by Satoshi Nakamoto—and blockchain.