A security researcher behind the data breach index site “Have I Been Pwned” said that password data and personal information of 2.2 million users of two websites have been dumped online.
On November 19, it has been reported by Ars Technica that Troy Hunt, a security researcher, confirmed that the compromised data belonged to accounts of GateHub, a cryptocurrency wallet, and EpicBot, a RuneScape bot provider.
Gatehub Crypto Wallet Data Breach Compromises Passwords of 1.4M Users (Cointelegraph) Password data and personal information of 1.4 million users of GateHub cryptocurrency wallet service have reportedly been dumped onlinehttps://t.co/mKzEY4dviM#LeverageTrading pic.twitter.com/OcSJw8o8Di — CRYPTONEWS.WATCH (@crypto_news24) November 20, 2019
According to Hunt, the first haul included personal information for as many as 1.4 million user accounts from the GateHub cryptocurrency wallet, and the second contained data for about 800,000 user accounts on the self-proclaimed world’s safest all-in-one RuneScape bot provider, EpicBot.
So, according to what an investigation had suggested, the stolen information reportedly includes registered email addresses, passwords, two-factor authentication keys, mnemonic phrases, and wallet hashes. However, GateHub officials said that the wallet hashes were not accessed.
It is not the first time that GateHub has to endure a data breach. In June 2019, hackers were reportedly able to compromise around 100 XRP Ledger wallets, which resulted in nearly $10 million in stolen funds.
GateHub, also in June, warned that there was a phishing scam campaign targeting its cryptocurrency wallet users.
According to the company, GateHub’s wallet users were receiving malicious emails from addresses that looked like they were from GateHub: “@gatehub.com” and “@gatehub.net.”
As technology and security improve, hackers have corresponding more creative with the scams and hacks they carry out. One of the more disastrous hacks in recent years was NiceHash, the Slovenian-based Bitcoin (BTC) mining marketplace.
Likewise, a hacker stole approximately 4,700 Bitcoin, worth about $64 million at the time of the hack in December 2017.
Thus, the platform called the security breach a highly skilled and organized attack that was carried out with sophisticated social engineering.