
Topic: Coinmarketcap hacked (Read 403 times)

copper member
Activity: 2870
Merit: 2298
November 01, 2021, 10:01:31 AM
#36
CMC published a blog post saying they believe someone compared a list of leaked email/password combinations to which of these combinations allowed them to login to CMC.

I don’t think it would really be fair to say that CMC actually leaked any information if the above is true.

Honestly, I don't think this is a plausible explanation, and the argument presented is far-fetched, to say the least. I think it's more like a pathetic attempt to dispel guilt by putting the blame on someone else rather than taking responsibility for yourself.

Quote from: coinmarketcap
As no passwords are included in the data we have seen, we believe that it is most likely sourced from another platform where users may have reused passwords across multiple sites.


They also said they completed a security audit and were unable to find evidence of a security breach. I don't think it is reasonable to expect them to take responsibility if they cannot confirm the information actually came from them.
legendary
Activity: 1596
Merit: 2588
Top Crypto Casino
November 01, 2021, 06:26:09 AM
#35
CMC published a blog post saying they believe someone compared a list of leaked email/password combinations to which of these combinations allowed them to login to CMC.

I don’t think it would really be fair to say that CMC actually leaked any information if the above is true.

Honestly, I don't think this is a plausible explanation, and the argument presented is far-fetched, to say the least. I think it's more like a pathetic attempt to dispel guilt by putting the blame on someone else rather than taking responsibility for yourself.

Quote from: coinmarketcap
As no passwords are included in the data we have seen, we believe that it is most likely sourced from another platform where users may have reused passwords across multiple sites.

copper member
Activity: 2870
Merit: 2298
November 01, 2021, 03:08:18 AM
#34
Well I do think it would be strange for only email addresses to leak. There is typically more information that leaks when a database is compromised. I would have expected for at least IP addresses and some data about the accounts to leak.

There is a very narrow set of circumstances in which only email addresses would leak from CMC.

Good point. My only guess is that if there was actually a leak that only consisted of emails, they're probably using some bizarre database setup specifically to prevent further damage when a leak does occur. Or maybe it was something like their newsletter database getting leaked specifically, not necessarily the emails of all accounts.
CMC published a blog post saying they believe someone compared a list of leaked email/password combinations to which of these combinations allowed them to login to CMC.

I don’t think it would really be fair to say that CMC actually leaked any information if the above is true.
legendary
Activity: 3444
Merit: 10558
November 01, 2021, 01:56:55 AM
#33
LOL! This response seems familiar. Typical CZ gaming. LOL! Why is it so hard for this businessman to admit what actually happened?
HaHa. What did you expect from an idiot who when Binance got hacked started working hard for contacting a lot of mining pools begging them to 51% attack bitcoin so that they can reverse the transaction that stole bitcoin from his weak ass platform!
mk4
legendary
Activity: 2716
Merit: 3817
Paldo.io 🤖
October 31, 2021, 11:35:46 PM
#32
Well I do think it would be strange for only email addresses to leak. There is typically more information that leaks when a database is compromised. I would have expected for at least IP addresses and some data about the accounts to leak.

There is a very narrow set of circumstances in which only email addresses would leak from CMC.

Good point. My only guess is that if there was actually a leak that only consisted of emails, they're probably using some bizarre database setup specifically to prevent further damage when a leak does occur. Or maybe it was something like their newsletter database getting leaked specifically, not necessarily the emails of all accounts.
full member
Activity: 1204
Merit: 100
October 31, 2021, 07:49:21 PM
#31
I created an account using a temporary email, but I assume that their database is large and it will cause a lot of losses because beginners trust the emails that are sent to them.

Quote
CoinMarketCap has become aware that batches of data have shown up online purporting to be a list of user accounts. While the data lists we have seen are only email addresses (no passwords),
Source  --> https://haveibeenpwned.com/PwnedWebsites#CoinMarketCap

The weirdest part is this quote, which means they don't know what exactly happened, and just because the password hasn't been hacked doesn't mean that customer data is safe.
I also didn't notice any new security update they made.
If they don't know exactly what happened there is a possibility that passwords were stolen but they just don't know about it and whoever hacked them kept that to himself, I am not taking any risks and my coinmarketcap password is never to be used again at least not with the same email address.
sr. member
Activity: 2002
Merit: 269
October 30, 2021, 01:50:29 AM
#30
https://cointelegraph.com/news/coinmarketcap-hack-reportedly-leaks-3-1-million-user-email-addresses

Just a heads-up for anyone with an account there. Apparently, only the email addresses were leaked, so your account and diamonds are safe but you should still be cautious, you might start getting some phishing attacks sent to your email.

I do not have an account on Coinmarketcap, but this is considered a piece of big news and a cause of concern. Coinmarketcap is a company owned by Binance and there are millions of users. If they can hack a company owned by the biggest exchange in the industry, even small companies are at risk. Those who have an account on Coinmarketcap should educate themselves on how to protect themselves from phishing emails; hackers are going to use those emails.
legendary
Activity: 2758
Merit: 1228
October 27, 2021, 09:50:34 AM
#29
https://cointelegraph.com/news/coinmarketcap-hack-reportedly-leaks-3-1-million-user-email-addresses

Just a heads-up for anyone with an account there. Apparently, only the email addresses were leaked, so your account and diamonds are safe but you should still be cautious, you might start getting some phishing attacks sent to your email.

Even though they declare that our accounts are safe, we can't be so sure, since there are other users, especially those newbie accounts, who use the same email and password for registration on a different platform, so maybe there are other people who do it on CMC since they think that it's safe because this platform is owned by Binance. So hopefully there are no victims of hacking on Binance in this incident, and stay away from phishing, guys.
copper member
Activity: 2870
Merit: 2298
October 27, 2021, 02:20:50 AM
#28
There have been a lot of hacks of various crypto services over the years. It is not inconceivable to believe that the leaked list is actually a compilation of email addresses used by crypto users.

Yep, never said it was impossible to be the case. It's just that there's a lot of potential reasons how there's a huge overlap between a "leaked" email list with CoinMarketCap's email list. Like how there's almost a guarantee on having a huge overlap between CoinMarketCap/CoinGecko users and Coinbase/Binance users. Something something innocent until proven guilty.
Well I do think it would be strange for only email addresses to leak. There is typically more information that leaks when a database is compromised. I would have expected for at least IP addresses and some data about the accounts to leak.

There is a very narrow set of circumstances in which only email addresses would leak from CMC.
legendary
Activity: 2576
Merit: 1860
🙏🏼Padayon...🙏
October 26, 2021, 09:53:03 PM
#27
CZ is denying the allegations, stating that it's only FUD.

No comment on this because I fortunately don't have a CMC account lol.



https://twitter.com/cz_binance/status/1451855293059584000
Haha, this man is very shameful. They are denying what happened but at the same time are investigating? Cmon.
Btw what are partial matches? Oh, there was a leak on another website maybe on coingecko (joking of course) and somehow it happened like the emails that were leaked on another website were partial matches of the emails registered on coinmarketcap. Haha, idk if anyone believes that but probably people really believe, that's the reason why he lies.

This statement from him is done in order to act like a cool company and the CEO who works like a swiss watch, without problems.

LOL! This response seems familiar. Typical CZ gaming. LOL! Why is it so hard for this businessman to admit what actually happened?

There's no leak. It's simply FUD. There were partial matches on emails, though. And they're investigating. Please someone correct me if I  remember it wrong, but this is also the same response CZ provided during the 2019 Binance KYC leak. The news of the leak was fake. It was merely FUD. But there were also partial matches on the images and personal information. And they're also investigating, even offering a reward for the identification of the supposed hacker as well as VIP upgrades to the affected users.

This man doesn't appear credible at all.
hero member
Activity: 2198
Merit: 847
October 26, 2021, 04:10:50 PM
#26
CZ is denying the allegations, stating that it's only FUD.

No comment on this because I fortunately don't have a CMC account lol.



https://twitter.com/cz_binance/status/1451855293059584000
Haha, this man is very shameful. They are denying what happened but at the same time are investigating? Cmon.
Btw what are partial matches? Oh, there was a leak on another website maybe on coingecko (joking of course) and somehow it happened like the emails that were leaked on another website were partial matches of the emails registered on coinmarketcap. Haha, idk if anyone believes that but probably people really believe, that's the reason why he lies.

This statement from him is done in order to act like a cool company and the CEO who works like a swiss watch, without problems.
mk4
legendary
Activity: 2716
Merit: 3817
Paldo.io 🤖
October 26, 2021, 01:19:29 AM
#25
There have been a lot of hacks of various crypto services over the years. It is not inconceivable to believe that the leaked list is actually a compilation of email addresses used by crypto users.

Yep, never said it was impossible to be the case. It's just that there's a lot of potential reasons how there's a huge overlap between a "leaked" email list with CoinMarketCap's email list. Like how there's almost a guarantee on having a huge overlap between CoinMarketCap/CoinGecko users and Coinbase/Binance users. Something something innocent until proven guilty.
legendary
Activity: 3052
Merit: 1273
October 25, 2021, 07:00:23 PM
#24
Ridiculous how hackers try to steal data and information for their personal benefits. CMC seems to be working fine, I didn't see any kinda glitch on their site, don't know how and when this hack took place. I've got an account there, but as they claim that the passwords were not leaked, I still smell something fishy happening behind the curtain and I hope that their claims are not proven bullshit later on.

Even if our passwords are not leaked at CMC, some users whose email addresses ever got hacked (with their passwords) could be matched with the ones in the database that was received by the hacker, and they may use those users' e-mail address passwords, and who knows if a user has used the same password here and at many places? It'll definitely ruin things for such users.
legendary
Activity: 3038
Merit: 1330
Slava Ukraini!
October 25, 2021, 06:53:55 PM
#23
Didn't know you can create an account there. What the accounts are for on their platform? (Never visited their site for quite time)
You can use accounts to make a crypto watchlist and keep track of your portfolio, but people were mainly using them to claim diamonds and buy rewards (NFTs, vouchers, etc.). It's basically the same concept that Coingecko introduced some time ago with candies.
Maybe I was living under a rock for some time, but I also wasn't aware that it's possible to make an account on Coinmarketcap. And I didn't know about their diamonds. Well, fortunately I don't have an account there, so my email isn't leaked.

CZ is denying the allegations, stating that it's only FUD.

No comment on this because I fortunately don't have a CMC account lol.

https://talkimg.com/images/2023/09/10/mqa9l.png

https://twitter.com/cz_binance/status/1451855293059584000
Of course, it may be just a coincidence. But it's also possible that they deny these things just trying to defend their reputation.
copper member
Activity: 2870
Merit: 2298
October 25, 2021, 04:13:14 PM
#22
Can someone tell me why emails are not encrypted or kept more securely, or what makes it more difficult to hack a password than an email?
Email addresses (and other non-password data) are normally stored in a database. The database itself will usually have permission restrictions that prevent an arbitrary person from accessing the database. The reason this information is stored in a database is so the business, in this case CMC, can query this information to complete various tasks, such as emailing their customers.

A password, on the other hand, is typically stored in a "hashed" format. This means the actual password is not actually stored, but rather the result of the password being passed into a hash function is stored. This means that someone querying the database cannot actually get the actual password, but if the correct password is entered into a query, it is trivial to confirm the correct password was entered. The reason passwords are stored this way is because there is no valid business reason for someone to query someone's password. Also, the number of people who can access even the hashed passwords is generally more restricted than other parts of the database.

CZ is denying the allegations, stating that it's only FUD.

No comment on this because I fortunately don't have a CMC account lol.



https://twitter.com/cz_binance/status/1451855293059584000
There have been a lot of hacks of various crypto services over the years. It is not inconceivable to believe that the leaked list is actually a compilation of email addresses used by crypto users.
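
Added example, not part of any post in this thread and not CMC's code: a sketch of the storage model described in post #22 (email queryable in the clear, password kept only as a salted hash), plus a defender-side check for the password-reuse scenario from the CMC statement. The `UserStore` class, the iteration count and all addresses and passwords are constructed assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # example work factor, an assumption; tune for your hardware

def hash_password(password: str, salt: bytes) -> bytes:
    """Derive a slow, salted hash; the password itself is never stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

class UserStore:
    """Hypothetical account table: email in the clear, password only as a hash."""

    def __init__(self):
        self.rows = {}

    def register(self, email: str, password: str) -> None:
        salt = os.urandom(16)  # per-user salt, so equal passwords hash differently
        self.rows[email.lower()] = {"salt": salt,
                                    "pw_hash": hash_password(password, salt)}

    def emails(self) -> list:
        # The business can query addresses directly, e.g. to send a newsletter.
        return sorted(self.rows)

    def login(self, email: str, password: str) -> bool:
        row = self.rows.get(email.lower())
        if row is None:
            return False
        candidate = hash_password(password, row["salt"])
        return hmac.compare_digest(candidate, row["pw_hash"])  # constant-time compare

def accounts_needing_reset(store: UserStore, breached_pairs) -> list:
    """Defender-side check: which of our users reuse a password that is already
    public in another site's breach? Those accounts get a forced reset."""
    return sorted({email.lower() for email, pw in breached_pairs
                   if store.login(email, pw)})

def build_demo():
    store = UserStore()
    store.register("alice@example.com", "Summer2021!")  # reused on another site
    store.register("bob@example.com", "x9#Lq-unique-to-this-site")
    # Constructed email/password pairs standing in for a third-party breach dump.
    breached = [("alice@example.com", "Summer2021!"),
                ("bob@example.com", "hunter2"),
                ("carol@example.com", "password1")]
    return store, breached

if __name__ == "__main__":
    store, breached = build_demo()
    print("queryable emails:", store.emails())
    print("stored for alice:", store.rows["alice@example.com"]["pw_hash"].hex()[:16], "...")
    print("force reset for:", accounts_needing_reset(store, breached))
```

Hashing keeps a dump of this table from exposing passwords, but it does nothing for a user whose password is already public from another site, which is why the reuse check exists alongside it.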
hero member
Activity: 1358
Merit: 850
October 25, 2021, 02:19:31 PM
#21
there's no email or any message that contain malicious links.  So I doubt CZ claimed was right, it was just a FUD because I don't even receive emails in my inbox.
That's not how it works. Hacker will most possibly sell the email database in darkweb. The buyer can be assured that all these emails belong to people who are interested & linked with crypto. They can use the email for phishing purposes, for advertising purposes. You are unlikely to get an email instantly after the hack.
CZ claimed it as FUD? This guy can do anything to cover up their shit. Though I appreciate his business plan & success; he is not a good guy for the crypto at all in general. Can you remember the 7000 BTC hack from Binance? CZ tried his best to prevent the news from being spread everywhere & that's why he took attention to REVERSING (it's not a reverse though) the transaction with a fork even though he was certain that it's never going to happen.
copper member
Activity: 2142
Merit: 1305
Limited in number. Limitless in potential.
October 25, 2021, 11:39:09 AM
#20
so I worried and check my email account but there's no sign of hack there, there's no email or any message that contain malicious links. 
Sometimes it takes time before email lists get sold or spammers get a copy of them. And sometimes it's not about malicious links being sent; it includes some marketing emails which you didn't subscribe to. Well, I hope it's the case, coz spam emails are annoying.

It's also happened on the Binance exchange before right?  When all accounts have been compromised including emails, correct me if I'm wrong.
AFAIR, it hasn't happened yet. It will be a disaster if it happens, considering there are millions of users of Binance.
legendary
Activity: 2366
Merit: 1206
October 25, 2021, 11:10:32 AM
#19
Didn't know you can create an account there. What the accounts are for on their platform? (Never visited their site for quite time)

I didn't know it either, I just use it to check the price of the coins and the condition of the market, they offer alerts on airdrops but I'm not into airdrops anymore, glad that I did not create an account here, I'm using Coingecko more than Coinmarketcap, but when I'm using price comparison that's the time I use Coinmarketcap.
Yesterday I read different threads regarding Coinmarketcap having been compromised and AFAIK, I had registered there before using my email account associated with this forum account, so I worried and checked my email account but there's no sign of a hack there, there's no email or any message that contains malicious links.  So I doubt CZ claimed was right, it was just a FUD because I don't even receive emails in my inbox.

Either it's true or not, if our email accounts have been collected by them(hackers) and sooner or later they will send malicious links, we should avoid clicking messages on inbox that has links.  IMO, I don't usually open my email account, my mistake was I used this upon registering the Coinmarketcap platform.

It's also happened on the Binance exchange before right?  When all accounts have been compromised including emails, correct me if I'm wrong.
hero member
Activity: 2898
Merit: 567
October 25, 2021, 06:05:24 AM
#18
Didn't know you can create an account there. What the accounts are for on their platform? (Never visited their site for quite time)

I didn't know it either, I just use it to check the price of the coins and the condition of the market, they offer alerts on airdrops but I'm not into airdrops anymore, glad that I did not create an account here, I'm using Coingecko more than Coinmarketcap, but when I'm using price comparison that's the time I use Coinmarketcap.
legendary
Activity: 2968
Merit: 3406
Crypto Swap Exchange
October 25, 2021, 04:14:15 AM
#17
I don't know when this incident happened, but the fact that they didn't even make an announcement, or even send an email to their user base, says a lot about how they consider the members using their service
They first confirmed [not sure where exactly] it on October 12 and according to mk4's post, it took them 11 days to make that announcement while posting around 100 articles [can't tell the exact number due to how they display the dates after a week] on that period [SMH]!

it will not be easy to deceive them with phishing links.
But it's not impossible either.