Article 4VCDE Password data for ~2.2 million users of currency and gaming sites dumped online

Password data for ~2.2 million users of currency and gaming sites dumped online

by
Dan Goodin
from Ars Technica - All content on (#4VCDE)
dumping-800x600.jpg

Enlarge (credit: Bureau of Land Management Alaska Follow)

Password data and other personal information belonging to as many as 2.2 million users of two websites-one a cryptocurrency wallet service and the other a gaming bot provider-have been posted online, according to Troy Hunt, the security researcher behind the Have I Been Pwned breach notification service.

One haul includes personal information for as many as 1.4 million accounts from the GateHub cryptocurrency wallet service. The other contains data for about 800,000 accounts on RuneScape bot provider EpicBot. The databases include registered email addresses and passwords that were cryptographically hashed with bcrypt, a function that's among the hardest to crack.

The person posting the 3.72GB Gatehub database said it also includes two-factor authentication keys, mnemonic phrases, and wallet hashes, although GateHub officials said an investigation suggested wallet hashes were not accessed. The EpicBot database, meanwhile, purportedly included usernames and IP addresses. Hunt said he selected a representative sample of accounts from both databases to verify the authenticity of the data. All of the email addresses he checked were registered to accounts of the two sites.

Read 12 remaining paragraphs | Comments

index?i=EZKiKBMri1c:0A2pw862tZU:V_sGLiPB index?i=EZKiKBMri1c:0A2pw862tZU:F7zBnMyn index?d=qj6IDK7rITs index?d=yIl2AUoC8zA
External Content
Source RSS or Atom Feed
Feed Location http://feeds.arstechnica.com/arstechnica/index
Feed Title Ars Technica - All content
Feed Link https://arstechnica.com/
Reply 0 comments