Password data and other pieces of personal data belonging to as many as 1.4 million accounts on the Gatehub cryptocurrency wallet service and 800,000 accounts on RuneScape bot provider EpicBot have been posted online, according to a November 20th report by Dan Goodin, Security Editor at Ars Technica. The leaks were discovered by Troy Hunt, a security researcher who runs the Have I Been Pwned security breach notification service.
The leaked data includes email addresses and passwords associated with both sites that were originally cryptocurrency hashed with bcrypt, which Goodin described as “a function that’s among the hardest to crack.”
Discover iFX EXPO Asia 2020 in Macao – The Region's Leading Investment Event
The individual who posted the Gatehub database said that the data includes over 3.7 gigabytes worth of two-factor authentication keys, mnemonic phrase wallet recovery seeds, and even wallet hashes. The data was posted to a popular hacker site in August.
However, following an investigation, GateHub officials have said that it seems that there were no wallet hashes–which ostensibly means that while personal data was compromised (personal data that could be used to access crypto accounts), no private keys were directly exposed.
Still, at least one user has been notified by a separate service that his GateHub data had been breached:
@troyhunt Just got word from Experian’s IDNotify that my credentials for @GateHub were found compromised on the dark web. FYI in case you were getting any news about a GateHub breach or hack.
— Aashish Koirala (@aashishkoirala) November 14, 2019
Finance Magnates reached out to GateHub for commentary but did not hear back by press time. Comments will be added to this story as they are received.
bestadmin
