Using these tokens the perpetrator accessed 18,473 encrypted customer accounts, a very small fraction of our total user base. The wording of the post left unclear exactly what data beyond access tokens was successfully obtained.Īs previously suggested in our investigation update, we believe the perpetrator gained unauthorized access to a database holding valid access tokens of our customers. The attackers, GateHub said, had stolen-or at least tried to steal-a wealth of sensitive information for more than 18,000 user accounts. The Gatehub account data, which was posted to a widely visited hacker site in late August, came three months after the cryptocurrency service reported that it had been hacked.
#RUNESCAPE ACCOUNTS PASSWORDS PASSWORD#
While there were 2.2 million unique addresses in the two dumps, it's possible that corresponding password hashes or other data isn't included with each one. FYI in case you were getting any news about a GateHub breach or hack. The advisory, Koirala said, notified him that "my credentials for were found compromised on the Dark Just got word from Experian's IDNotify that my credentials for were found compromised on the dark web.
#RUNESCAPE ACCOUNTS PASSWORDS SOFTWARE#
It came from Aashish Koirala, a self-described software developer who said he recently received a notification from the identity protection arm of consumer credit reporting service Experian. All of the email addresses he checked were registered to accounts of the two sites.Īnother indication that the data in the file belongs to GateHub account holders: this Twitter post. Hunt said he selected a representative sample of accounts from both databases to verify the authenticity of the data. The EpicBot database, meanwhile, purportedly included usernames and IP addresses. The person posting the 3.72GB Gatehub database said it also includes two-factor authentication keys, mnemonic phrases, and wallet hashes, although GateHub officials said an investigation suggested wallet hashes were not accessed. The databases include registered email addresses and passwords that were cryptographically hashed with bcrypt, a function that's among the hardest to crack. The other contains data for about 800,000 accounts on RuneScape bot provider EpicBot. One haul includes personal information for as many as 1.4 million accounts from the GateHub cryptocurrency wallet service. Password data and other personal information belonging to as many as 2.2 million users of two websites-one a cryptocurrency wallet service and the other a gaming bot provider-have been posted online, according to Troy Hunt, the security researcher behind the Have I Been Pwned breach notification service. Bureau of Land Management Alaska Follow reader comments 31 with
0 kommentar(er)
