Coinmarketcap hacked | Bitcointalksearch.org

Quickseller

copper member

Activity: 2996

Merit: 2374

Quote from: FatFork on November 01, 2021, 05:26:09 AM

Quote from: Quickseller on November 01, 2021, 02:08:18 AM

CMC published a blog post saying they believe someone compared a list of leaked email/password combinations to which of these combinations allowed them to login to CMC.

I don’t think it would really be fair to say that CMC actually leaked any information if the above is true.

Honestly, I don't think this is a plausible explanation, and the argument presented is far-fetched, to say the least. I think it's more like a pathetic attempt to dispel guilt by putting the blame on someone else rather than taking responsibility for yourself.

Quote from: coinmarketcap

As no passwords are included in the data we have seen, we believe that it is most likely sourced from another platform where users may have reused passwords across multiple sites.

They also said they completed a security audit and were unable to find evidence of a security breach. I don't think it is reasonable to expect them to take responsibility if they cannot confirm the information actually came from them.

FatFork

legendary

Activity: 1624

Merit: 2594

Top Crypto Casino

Quote from: Quickseller on November 01, 2021, 02:08:18 AM

CMC published a blog post saying they believe someone compared a list of leaked email/password combinations to which of these combinations allowed them to login to CMC.

I don’t think it would really be fair to say that CMC actually leaked any information if the above is true.

Honestly, I don't think this is a plausible explanation, and the argument presented is far-fetched, to say the least. I think it's more like a pathetic attempt to dispel guilt by putting the blame on someone else rather than taking responsibility for yourself.

Quote from: coinmarketcap

As no passwords are included in the data we have seen, we believe that it is most likely sourced from another platform where users may have reused passwords across multiple sites.

Quickseller

copper member

Activity: 2996

Merit: 2374

Quote from: mk4 on October 31, 2021, 10:35:46 PM

Quote from: Quickseller on October 27, 2021, 01:20:50 AM

Well I do think it would be strange for only email addresses to leak. There is typically more information that leaks when a database is compromised. I would have expected for at least IP addresses and some data about the accounts to leak.

There is a very narrow set of circumstances in which only email addresses would leak from CMC.

Good point. My only guess is if that there was actually a leak that only consisted of emails, they're probably using some bizarre database setup specifically to prevent further damage when a leak does occur. Or maybe it was something like their newsletter database getting leaked specifically, not necessarily the emails of all accounts.

CMC published a blog post saying they believe someone compared a list of leaked email/password combinations to which of these combinations allowed them to login to CMC.

I don’t think it would really be fair to say that CMC actually leaked any information if the above is true.

pooya87

legendary

Activity: 3472

Merit: 10611

Quote from: Darker45 on October 26, 2021, 08:53:03 PM

LOL! This response seems familiar. Typical CZ gaming. LOL! Why is it so hard for this businessman to admit what actually happened?

HaHa. What did you expect from an idiot who when Binance got hacked started working hard for contacting a lot of mining pools begging them to 51% attack bitcoin so that they can reverse the transaction that stole bitcoin from his weak ass platform!

mk4

legendary

Activity: 2870

Merit: 3873

Paldo.io 🤖

Quote from: Quickseller on October 27, 2021, 01:20:50 AM

Well I do think it would be strange for only email addresses to leak. There is typically more information that leaks when a database is compromised. I would have expected for at least IP addresses and some data about the accounts to leak.

There is a very narrow set of circumstances in which only email addresses would leak from CMC.

Good point. My only guess is if that there was actually a leak that only consisted of emails, they're probably using some bizarre database setup specifically to prevent further damage when a leak does occur. Or maybe it was something like their newsletter database getting leaked specifically, not necessarily the emails of all accounts.

Rabi3

full member

Activity: 1204

Merit: 100

Quote from: hugeblack on October 23, 2021, 08:06:40 AM

I created an account using a temporary email, but I assume that their database is large and it will cause a lot of losses because beginners trust the emails that are sent to them.

Quote

CoinMarketCap has become aware that batches of data have shown up online purporting to be a list of user accounts. While the data lists we have seen are only email addresses (no passwords),

Source --> https://haveibeenpwned.com/PwnedWebsites#CoinMarketCap

The weirdest part is this quote, which means they don't know what exactly happened, and just because the password hasn't been hacked doesn't mean that customer data is safe.
I also didn't notice any new security update they made.

If they don't know exactly what happened there is a possibility that passwords were stolen but they just don't know about it and whoever hacked them kept that to himself, I am not taking any risks and my coinmarketcap password is never to be used again at least not with the same email address.

smyslov

sr. member

Activity: 2030

Merit: 269

Quote from: OmegaStarScream on October 23, 2021, 05:36:46 AM

https://cointelegraph.com/news/coinmarketcap-hack-reportedly-leaks-3-1-million-user-email-addresses

Just a heads-up for anyone with an account there. Apparently, only the email addresses were leaked, so your account and diamonds are safe but you should still be cautious, you might start getting some phishing attacks sent to your email.

I do not have an account on Coinmarketcap but this is considered a piece of big news and a cause of concern, Coinmarketcap, is a company owned by Binance and there are millions of users if they can hack a company owned by the biggest exchange in the industry, even small companies are at risk, those who have an account on Coinmarketcap should educate themselves on how to protect themselves on phishing emails, hackers are going to use those emails.

ultrloa

legendary

Activity: 2758

Merit: 1228

Quote from: OmegaStarScream on October 23, 2021, 05:36:46 AM

https://cointelegraph.com/news/coinmarketcap-hack-reportedly-leaks-3-1-million-user-email-addresses

Just a heads-up for anyone with an account there. Apparently, only the email addresses were leaked, so your account and diamonds are safe but you should still be cautious, you might start getting some phishing attacks sent to your email.

Eventhough they declare that our accounts is safe from that account we can't be so sure since there are other users especially those newbie accounts who use the same email and password for registration on a different platform so maybe there are other people do it on cmc since they think that its safe since this platform is owned by binance. So hopefully there are no victims of hacking on binance in this incident and stay away from phising guys.

Quickseller

copper member

Activity: 2996

Merit: 2374

Quote from: mk4 on October 26, 2021, 12:19:29 AM

Quote from: Quickseller on October 25, 2021, 03:13:14 PM

There have been a lot of hacks of various crypto services over the years. It is not inconceivable to believe that the leaked list is actually a compilation of email addresses used by crypto users.

Yep, never said it was impossible to be the case. It's just that there's a lot of potential reasons how there's a huge overlap between a "leaked" email list with CoinMarketCap's email list. Like how there's almost a guarantee on having a huge overlap between CoinMarketCap/CoinGecko users and Coinbase/Binance users. Something something innocent until proven guilty.

Well I do think it would be strange for only email addresses to leak. There is typically more information that leaks when a database is compromised. I would have expected for at least IP addresses and some data about the accounts to leak.

There is a very narrow set of circumstances in which only email addresses would leak from CMC.

Darker45

legendary

Activity: 2576

Merit: 1860

Quote from: shield132 on October 26, 2021, 03:10:50 PM

Quote from: mk4 on October 24, 2021, 11:31:13 PM

CZ is denying the allegations, stating that it's only FUD.

No comment on this because I fortunately don't have a CMC account lol.

https://twitter.com/cz_binance/status/1451855293059584000

Haha, this man is very shameful. They are denying what happened but at the same time are investigating? Cmon.
Btw what are partial matches? Oh, there was a leak on another website maybe on coingecko (joking of course) and somehow it happened like the emails that were leaked on another website were partial matches of the emails registered on coinmarketcap. Haha, idk if anyone believes that but probably people really believe, that's the reason why he lies.

This statement from him is done in order to act like a cool company and the CEO who works like a swiss watch, without problems.

LOL! This response seems familiar. Typical CZ gaming. LOL! Why is it so hard for this businessman to admit what actually happened?

There's no leak. It's simply FUD. There were partial matches on emails, though. And they're investigating. Please someone correct me if I remember it wrong, but this is also the same response CZ provided during the 2019 Binance KYC leak. The news of the leak was fake. It was merely FUD. But there were also partial matches on the images and personal information. And they're also investigating, even offering a reward for the identification of the supposed hacker as well as VIP upgrades to the affected users.

This man doesn't appear credible at all.

shield132

hero member

Activity: 2352

Merit: 905

Metawin.com - Truly the best casino ever

Quote from: mk4 on October 24, 2021, 11:31:13 PM

CZ is denying the allegations, stating that it's only FUD.

No comment on this because I fortunately don't have a CMC account lol.

https://twitter.com/cz_binance/status/1451855293059584000

Haha, this man is very shameful. They are denying what happened but at the same time are investigating? Cmon.
Btw what are partial matches? Oh, there was a leak on another website maybe on coingecko (joking of course) and somehow it happened like the emails that were leaked on another website were partial matches of the emails registered on coinmarketcap. Haha, idk if anyone believes that but probably people really believe, that's the reason why he lies.

This statement from him is done in order to act like a cool company and the CEO who works like a swiss watch, without problems.

mk4

legendary

Activity: 2870

Merit: 3873

Paldo.io 🤖

Quote from: Quickseller on October 25, 2021, 03:13:14 PM

There have been a lot of hacks of various crypto services over the years. It is not inconceivable to believe that the leaked list is actually a compilation of email addresses used by crypto users.

Yep, never said it was impossible to be the case. It's just that there's a lot of potential reasons how there's a huge overlap between a "leaked" email list with CoinMarketCap's email list. Like how there's almost a guarantee on having a huge overlap between CoinMarketCap/CoinGecko users and Coinbase/Binance users. Something something innocent until proven guilty.

Stedsm

legendary

Activity: 3052

Merit: 1273

Ridiculous how hackers try to steal data and information for their personal benefits. CMC seems to be working fine, I didn't see any kinda glitch on their site, don't know how and when this hack took place. I've got an account there, but as they claim that the passwords were not leaked, I still smell something fishy happening behind the curtain and I hope that their claims are not proven bullshit later on.

Even if our passwords are not leaked at CMC but some users whose email addresses ever got hacked (with their passwords) could be matched with the ones in the database that was received by the hacker and they may use those users' e-mail address' password, and who know if a user has used the same password here and at many places? It'll definitely ruin things for such users.

LTU_btc

legendary

Activity: 3234

Merit: 1375

Slava Ukraini!

Quote from: OmegaStarScream on October 23, 2021, 06:31:19 AM

Quote from: bL4nkcode on October 23, 2021, 05:50:48 AM

Didn't know you can create an account there. What the accounts are for on their platform? (Never visited their site for quite time)

You can use accounts to make a crypto watchlist and keep track of your portfolio, but people were mainly using them to claim diamonds and buy rewards (NFTs, vouchers, etc.). It's basically the same concept that Coingecko introduced some time ago with candies.

Maybe I was living under the rock for some time, but I also wasn't aware that's possible to make account on Coinmarketcap. And didn't knew about their diamonds. Well, fortunately I don't have account there, so my email isn't leaked.

Quote from: mk4 on October 24, 2021, 11:31:13 PM

CZ is denying the allegations, stating that it's only FUD.

No comment on this because I fortunately don't have a CMC account lol.

https://talkimg.com/images/2023/09/10/mqa9l.png

https://twitter.com/cz_binance/status/1451855293059584000

Offcourse, it may be just coincidence. But it's also possible that they deny these things just trying to defend their reputation.

Quickseller

copper member

Activity: 2996

Merit: 2374

Quote from: Husires on October 24, 2021, 08:10:15 AM

Can someone tell me why emails are not encrypted or kept more securely, or what makes it more difficult to hack a password than an email?

Email addresses (and other non-password data) is normally stored in a database. The database itself will usually have permissions restrictions prevent an arbitrary person from accessing the database. The reason this information is stored in a database is so the business, in this case CMC can query this information to complete various tasks, such as emailing their customers.

A password on the other hand is typically stored in a "hashed" format. This means the actual is not actually stored, but rather the result of the password being passed into a hash function is stored. This means that someone querying the database cannot actually get the actual password, but if the correct password is entered into a query, it is trivial to confirm the correct password was entered. The reason passwords are stored this way is because there is no valid business reason for someone to query someone's password. Also, the number of people who can access even the hashed passwords is generally more restricted than other parts of the database.

Quote from: mk4 on October 24, 2021, 11:31:13 PM

CZ is denying the allegations, stating that it's only FUD.

No comment on this because I fortunately don't have a CMC account lol.

https://twitter.com/cz_binance/status/1451855293059584000

There have been a lot of hacks of various crypto services over the years. It is not inconceivable to believe that the leaked list is actually a compilation of email addresses used by crypto users.

RapTarX

hero member

Activity: 1358

Merit: 851

Quote from: sheenshane on October 25, 2021, 10:10:32 AM

there's no email or any message that contain malicious links. So I doubt CZ claimed was right, it was just a FUD because I don't even receive emails in my inbox.

That's not how it works. Hacker will most possibly sell the email database in darkweb. The buyer can be assured that all these emails belong to people who are interested & linked with crypto. They can use the email for phishing purposes, for advertising purposes. You are unlikely to get an email instantly after the hack.
CZ claimed it as FUD? This guy can do anything to cover up their shit. Though I appreciate his business plan & success; he is not a good guy for the crypto at all in general. Can you remember the 7000 BTC hack from Binance? CZ tried his best to prevent the news from being spread everywhere & that's why he took attention to REVERSING (it's not a reverse though) the transaction with a fork even though he was certain that it's never going to happen.

bL4nkcode

copper member

Activity: 2142

Merit: 1305

Limited in number. Limitless in potential.

Quote from: sheenshane on October 25, 2021, 10:10:32 AM

so I worried and check my email account but there's no sign of hack there, there's no email or any message that contain malicious links.

Sometimes it takes times before email lists got sold or spammers got a copy of it. And sometimes its not about malicious link being sent, it includes some marketing emails which you didn't subscribes. Well, I hope it's the case, coz spam emails are annoying.

Quote from: sheenshane on October 25, 2021, 10:10:32 AM

It's also happened on the Binance exchange before right? When all accounts have been compromised including emails, correct me if I'm wrong.

AFAIR, it didn't happened yet, it will be a disaster if it will happen considering there are millions users of binance.

sheenshane

legendary

Activity: 2492

Merit: 1232

Quote from: aioc on October 25, 2021, 05:05:24 AM

Quote from: bL4nkcode on October 23, 2021, 05:50:48 AM

Didn't know you can create an account there. What the accounts are for on their platform? (Never visited their site for quite time)

I didn't know it either, I just use it to check the price of the coins and the condition of the market, they offer alerts on airdrops but I'm not into airdrops anymore, glad that I did not create an account here, I'm using Coingecko more than Coinmarketcap, but when I'm using price comparison that's the time I use Coinmarketcap.

Yesterday I have read different threads regarding Coinsmarketcap that has been compromised and AFAIK, I had registered there before using my email account associated with this forum account, so I worried and check my email account but there's no sign of hack there, there's no email or any message that contain malicious links. So I doubt CZ claimed was right, it was just a FUD because I don't even receive emails in my inbox.

Either it's true or not, if our email accounts have been collected by them(hackers) and sooner or later they will send malicious links, we should avoid clicking messages on inbox that has links. IMO, I don't usually open my email account, my mistake was I used this upon registering the Coinmarketcap platform.

It's also happened on the Binance exchange before right? When all accounts have been compromised including emails, correct me if I'm wrong.

aioc

hero member

Activity: 2926

Merit: 567

Quote from: bL4nkcode on October 23, 2021, 05:50:48 AM

Didn't know you can create an account there. What the accounts are for on their platform? (Never visited their site for quite time)

I didn't know it either, I just use it to check the price of the coins and the condition of the market, they offer alerts on airdrops but I'm not into airdrops anymore, glad that I did not create an account here, I'm using Coingecko more than Coinmarketcap, but when I'm using price comparison that's the time I use Coinmarketcap.

SFR10

legendary

Activity: 2968

Merit: 3406

Crypto Swap Exchange

Quote from: LeGaulois on October 23, 2021, 01:32:31 PM

I don't know when this incident happened, but the fact that they didn't even make an announcement, or even send an email to their user base, says a lot about how they consider the members using their service

They first confirmed ^{[not sure where exactly]} it on October 12 and according to mk4's post, it took them 11 days to make that announcement while posting around 100 articles ^{[can't tell the exact number due to how they display the dates after a week]} on that period ^[SMH]!

Quote from: Husires on October 24, 2021, 08:10:15 AM

it will not be easy to deceive them with phishing links.

But it's not impossible either.

Topic: Coinmarketcap hacked (Read 461 times)