GateHub struggles with huge data leak – 1.4 million accounts disclosed
Finding the personal data on the Internet is probably the nightmare of everyone. Especially users of online banking or cryptocurrencies should be particularly scared of this. Although Bitcoin & Co. are themselves secured against manipulation and hacks via the blockchain. However, anyone who gets mail, passwords, wallet addresses and thus the account access of a stranger holds his crypto assets directly in his hands.
Such a rude awakening had to be experienced by the customers of the Wallet operator GateHub. After a database containing the alleged data of around 1.4 million users was already available on the Internet in October, the security expert Troy Hunt from the service provider "Have I Been Pwned?" Confirms their authenticity. He is sure that the e-mail addresses posted in a well-known hacker forum come from GateHub Accounts and the connected account data is therefore genuine.
Like the tech messaging service Ars Technica Reportedly, GateHub was hit hard by the hack, which is said to have happened in August. In addition to the encrypted access data for the crypto-wallets, the 3.72 gigabyte-heavy database published on the Internet should contain, among other things, the keys for two-factor authentication as well as so-called mnemonic phrases of the users. The latter represent a word list that contains in abbreviated form all Wallet information.
GateHub users are in luck
However, customers could breathe a sigh of relief that their passwords themselves, but their encrypted hashes, have come into the hands of the criminals. When they were made, the Bcrypt process was used, which is considered particularly safe. Decryption, which leads to the actual login data, can thus be virtually ruled out if used correctly.
GateHubs had initially assumed in August that far fewer users would have fallen victim to the hackers. In a mail opposite Ars Technica tells GateHub to continue investigating the alleged attack. The service provider gives his customers a first all-clear:
The alleged GateHub database is carefully reviewed by our team. Therefore, we can not confirm the authenticity currently. (…) According to what we have collected so far, this contains no wallet hashes.
Now you want to re-encrypt all affected accounts.
In addition to the customer information of the Wallet operator, the leaked database also contains user details of the gaming service provider EpicBot. The IP addresses of a total of 800,000 users came to the public.
Bitcoin Exchanges & Wallet Operators: Safe but not unbeatable
Although cryptocurrencies such as Bitcoin & Co. are indeed protected by the architecture of the blockchain, the blockchain itself can only be changed under astronomical endeavors. However, wallet providers, and Bitcoin stock exchanges in particular, offer attack surfaces through their centralized administration, which criminals have used numerous times in the past.
Also for GateHub it is not the first time that hackers target the company. In June, the wallet operator suffered losses of almost nine million euros. Back then, hackers captured the credentials of around 100 ripple wallets.
Be sure not to miss any important news related to Cryptocurrencies! Follow our news feed in the way you prefer; through Twitter, Facebook, Telegram, RSS or email (scroll down to the bottom of this page to subscribe). Bitcoin never sleeps. Neither do we .