Recently, a security researcher behind the information breach index “Have I Been Pwned” stated that password information and personal data of 2.2 million clients of two websites had been dumped online. Most recently, Ars Technica revealed that Troy Hunt, a security researcher, affirmed that the compromised information was linked with cryptocurrency wallet account GateHub and RuneScape bot provider EpicBot.
The data includes individual information from 1.4 million accounts taken from the GateHub cryptocurrency wallet service. Moreover, the other website has the information of around 800,000 accounts on EpicBot, a RuneScape bot provider. Further, the databases incorporate registered email passwords and addresses that had been cryptographically hashed with bcrypt, a function that was hardest for the hackers to crack.
Regarding this hacking, the GateHub official wrote:
“As previously suggested in our investigation update, we believe the perpetrator gained unauthorized access to a database holding valid access tokens of our customers. Using these tokens, the perpetrator accessed 18,473 encrypted customer accounts, a very small fraction of our total user base. On affected accounts, the following data was being targeted: email addresses hashed passwords, hashed recovery keys, encrypted XRP ledger wallets secret keys (non-deleted wallets only), first names (if provided), last names (if provided).”
The posting of the database implies that the violation that the wallet service exposed in July was a lot greater than what was recently suspected. Apart from gaining just access tokens, the attackers also acquired the 2FA keys, password hashes, email addresses, wallet hashes, and mnemonic phrases.
An anonymous member from GateHub security team also wrote in an email that they are aware of the Raid forum’s claiming for belonging the data from Gatehub’s database. Their response to the cyber-attack is to introduce re-encryption to all GateHub accounts.
To avert the developing danger of credential stuffing violations, clients of the two websites should change passwords for whatever other sites that utilized the compromised accreditations. Moreover, they should be on high alert for spear phishing and different types of attacks that utilize their data.