One of the largest brokerage firms in the U.S. has suffered a data breach affecting about 450,000 users due to a reported hack, adding itself to the list of 747 million user accounts that have been breached. Coinmama, a platform for users to buy cryptocurrencies, has approximately 1.3 million active users, all of whom are under threat of a similar exposure.
The crypto brokerage firm immediately updated users on its website about the latest hacking activity. Email addresses and passwords of users were exposed in an intrusion that also affected the security of “24 companies and a total of 747 million user records”, which is all part of a bigger plan to perform a multi-platform hack and acquire user data to sell on the dark web for bigger profits.
Rumors are that the body behind these attacks is Gnostic Players, but it is still uncertain whether they are the ones who hacked the accounts of 747 million users in total from 24 companies, or whether they only purchased those accounts from the hackers and are reselling them on the dark web marketplace Dream Market. Whatever their role is, Gnostic Players have put the stolen accounts up on this dark web marketplace for customers to buy in exchange for bitcoin worth $14,500. The compromised accounts have been classified into different price brackets depending on the information they carry and the level of difficulty in breaking into them. These accounts were illegally acquired by hackers from around 24 companies belonging to different industries, including the crypto exchange Coinmama, which went through the latest theft.
The hack put more accounts at risk; however, no theft of crypto assets has been recorded as the brokerage firm looks further into the illicit activity. Coinmama assured its users that the hacked accounts have not been used by the hackers and suggested that no further harm has been caused to the firm’s systems. A relief for the victims of this hack is that the brokerage firm does not hold users’ credit card information, which leaves no further detail that could be manipulated by the attackers.
Since the intrusion, Coinmama says it has taken steps “to identify the nature and scope of the intrusion” by creating an Incident Response Team that will study the matter thoroughly and gather as much detail as possible about the incident. The firm has approached numerous known cybersecurity organizations in order to safeguard its users by notifying them about the hack, so that they can protect their accounts from further breach of data. With additional help, it aims to make all users aware that they should reset their passwords to avoid becoming victims. Coinmama will also use the services of cybersecurity organizations to monitor any sort of suspicious activity on the firm’s website, bringing enhancements for better security.
This kind of attack is not restricted to Coinmama or the crypto space; identical breaches have been seen in other fields as well. Coffee Meets Bagel, a San Francisco–based dating and social networking website, had its user data breached on Valentine’s Day, but fortunately the hacker did not gain access to sensitive information like credit card numbers or passwords. The hacker, still unidentified, put the user data up for sale on the dark web for several bitcoins, which is a common practice right now in the fintech industry.
Coffee Meets Bagel decides to tell users it suffered a data breach…. on Valentine’s Day.
— Donie O’Sullivan (@donie) February 14, 2019
MyFitnessPal, a smartphone app and website that tracks diet and exercise for users, suffered from the same vulnerability almost a year ago, when personal details of over 150 million users were compromised in what was said to be “one of the biggest hacks in history”. However, delicate information of users remained untouched, as hackers obtained usernames, email addresses and scrambled passwords. The hack caused the company’s shares to go down by 3% at that time, and notification did not come before the fifth day of the attack. The breach did not include any financial information, but the acquired data was still considered valuable for cybercriminals, who use such data for trading purposes on the dark web.
The accounts of users of these world-leading platforms were also compromised following the hacks, and most websites that have become targets of similar breaches were running the same database software, PostgreSQL, which made it easy for the attacker to get into the systems of the organizations using this software. All the hacker had to do was identify a way to gain access to PostgreSQL, and the rest followed.
Ariel Ainhoren, research team leader at TechCrunch, IntSights, also believes that the hack is a repetition of earlier events that targeted large-scale businesses. He said:
“We’re still analyzing it, but it could have been that he used some kind of vulnerability that surfaced around that time and wasn’t patched by these companies or a totally new unknown vulnerability. As most of these sites were not known breaches, it seems we’re dealing here with a hacker that did the hacks by himself, and not just someone who obtained it from somewhere else and now just resold it.”
Coinmama could have had a serious problem on its hands if a hacker with more cynical intent had acquired the information, but its subsequent effort to warn users saved the exchange. Many users changed their account details before any damage was done and, luckily for those targeted earlier, no account details were leaked on the dark web for any hacker to manipulate.