Gatehub and EpicBot Hacked; 2.2 Million User Accounts Leaked
Personal details belonging to approximatively 2.2 million user accounts from GateHub and EpicBot were leaked online, according to Troy Hunt, creator of the Have I Been Pwned? Data breach search website.
The websites of GateHub, a cryptocurrency wallet service, and EpicBot, a RuneScape bot service, were compromised sometime this year. It”s difficult to say when the incidents happened precisely, but there”s a bit of good news as well. Both websites were using bcrypt, a password hashing function that can prevent bad actors from reading the actual data, or at least delay them for a very long time.
According to an Ars Technica report, the hackers took wallet hashes, mnemonic phrases, and two-factor authentication keys for 1.4 million accounts from the cryptocurrency wallet GateHub. The EpicBot hack was a little bit smaller, with 800,000 accounts leaked, including usernames, IP addresses, and encrypted passwords.
Of the two services, only GateHub admitted to being hacked, but when they initially announced it back in August, they only mentioned around 18,000 being compromised.
“On affected accounts, the following data was being targeted: email addresses hashed passwords, hashed recovery keys, encrypted XRP ledger wallets secret keys (non-deleted wallets only), first names (if provided), last names (if provided),” GateHub said a few months ago.
While it”s good that the services encrypted some of the data, even leaking user names is a problem. Many people have the same user names and passwords for multiple online accounts, and other websites might not take care to encrypt their data. Matching user names from multiple leaks is not difficult.
GateHub sent notices telling users to change their passwords when the breach was announced, but if you didn”t change your password then, you should do it now. More importantly, users should consider changing their mnemonic phrases.
For EpicBot, things are a little bit more complicated since the people running the bot service have yet to acknowledge any intrusion, which means that they haven”t notified their users. So, if you have an EpicBot account, you need to change your password now.
Ultimate Privacy Guide for Your Facebook Account
August 31, 2021
7 Signs It’s Time to Use Parental Controls On Your Family’s Devices
August 27, 2021
Your Netflix Account May Be on Sale on Darkweb. Protect It
August 13, 2021
Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US
July 16, 2021
How to protect yourself against cyberstalking
July 06, 2021
FOLLOW US ON
You might also like
September 28, 2021