1 min read

Gatehub and EpicBot Hacked; 2.2 Million User Accounts Leaked

Silviu STAHIE

November 21, 2019

Gatehub and EpicBot Hacked; 2.2 Million User Accounts Leaked

Personal details belonging to approximatively 2.2 million user accounts from GateHub and EpicBot were leaked online, according to Troy Hunt, creator of the Have I Been Pwned? Data breach search website.

The websites of GateHub, a cryptocurrency wallet service, and EpicBot, a RuneScape bot service, were compromised sometime this year. It”s difficult to say when the incidents happened precisely, but there”s a bit of good news as well. Both websites were using bcrypt, a password hashing function that can prevent bad actors from reading the actual data, or at least delay them for a very long time.

According to an Ars Technica report, the hackers took wallet hashes, mnemonic phrases, and two-factor authentication keys for 1.4 million accounts from the cryptocurrency wallet GateHub. The EpicBot hack was a little bit smaller, with 800,000 accounts leaked, including usernames, IP addresses, and encrypted passwords.

Of the two services, only GateHub admitted to being hacked, but when they initially announced it back in August, they only mentioned around 18,000 being compromised.

“On affected accounts, the following data was being targeted: email addresses hashed passwords, hashed recovery keys, encrypted XRP ledger wallets secret keys (non-deleted wallets only), first names (if provided), last names (if provided),” GateHub said a few months ago.

While it”s good that the services encrypted some of the data, even leaking user names is a problem. Many people have the same user names and passwords for multiple online accounts, and other websites might not take care to encrypt their data. Matching user names from multiple leaks is not difficult.

GateHub sent notices telling users to change their passwords when the breach was announced, but if you didn”t change your password then, you should do it now. More importantly, users should consider changing their mnemonic phrases.

For EpicBot, things are a little bit more complicated since the people running the bot service have yet to acknowledge any intrusion, which means that they haven”t notified their users. So, if you have an EpicBot account, you need to change your password now.

tags


Author



Right now

Top posts

Ultimate Privacy Guide for Your Facebook Account

Ultimate Privacy Guide for Your Facebook Account

August 31, 2021

6 min read
7 Signs It’s Time to Use Parental Controls On Your Family’s Devices

7 Signs It’s Time to Use Parental Controls On Your Family’s Devices

August 27, 2021

2 min read
Your Netflix Account May Be on Sale on Darkweb. Protect It

Your Netflix Account May Be on Sale on Darkweb. Protect It

August 13, 2021

3 min read
E-mails claiming your computer was hacked and your privacy exposed - what you need to know (spoiler: you can relax - they’re bluffing)

E-mails claiming your computer was hacked and your privacy exposed - what you need to know (spoiler: you can relax - they’re bluffing)

July 29, 2021

5 min read
Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

July 16, 2021

3 min read
How to protect yourself against cyberstalking

How to protect yourself against cyberstalking

July 06, 2021

2 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Romance scammers arrested in Texas for defrauding elderly lonely hearts Romance scammers arrested in Texas for defrauding elderly lonely hearts
Graham CLULEY

September 28, 2021

3 min read
iCloud Private Relay Vulnerability Exposes User IP Addresses, Researchers Find iCloud Private Relay Vulnerability Exposes User IP Addresses, Researchers Find
Silviu STAHIE

September 27, 2021

1 min read
Bitcoin.org Compromised; Attackers Posted “Double Your Money” Announcement Bitcoin.org Compromised; Attackers Posted “Double Your Money” Announcement
Silviu STAHIE

September 27, 2021

1 min read