Author

Topic: Coinmarketcap hacked (Read 474 times)

copper member
Activity: 2996
Merit: 2374
November 01, 2021, 09:01:31 AM
#36
CMC published a blog post saying they believe someone compared a list of leaked email/password combinations to which of these combinations allowed them to login to CMC.

I don’t think it would really be fair to say that CMC actually leaked any information if the above is true.

Honestly, I don't think this is a plausible explanation, and the argument presented is far-fetched, to say the least. I think it's more like a pathetic attempt to dispel guilt by putting the blame on someone else rather than taking responsibility for yourself.

Quote from: coinmarketcap
As no passwords are included in the data we have seen, we believe that it is most likely sourced from another platform where users may have reused passwords across multiple sites.


They also said they completed a security audit and were unable to find evidence of a security breach. I don't think it is reasonable to expect them to take responsibility if they cannot confirm the information actually came from them.
legendary
Activity: 1820
Merit: 2700
Crypto Swap Exchange
November 01, 2021, 05:26:09 AM
#35
CMC published a blog post saying they believe someone compared a list of leaked email/password combinations to which of these combinations allowed them to login to CMC.

I don’t think it would really be fair to say that CMC actually leaked any information if the above is true.

Honestly, I don't think this is a plausible explanation, and the argument presented is far-fetched, to say the least. I think it's more like a pathetic attempt to dispel guilt by putting the blame on someone else rather than taking responsibility for yourself.

Quote from: coinmarketcap
As no passwords are included in the data we have seen, we believe that it is most likely sourced from another platform where users may have reused passwords across multiple sites.

copper member
Activity: 2996
Merit: 2374
November 01, 2021, 02:08:18 AM
#34
Well I do think it would be strange for only email addresses to leak. There is typically more information that leaks when a database is compromised. I would have expected for at least IP addresses and some data about the accounts to leak.

There is a very narrow set of circumstances in which only email addresses would leak from CMC.

Good point. My only guess is if that there was actually a leak that only consisted of emails, they're probably using some bizarre database setup specifically to prevent further damage when a leak does occur. Or maybe it was something like their newsletter database getting leaked specifically, not necessarily the emails of all accounts.
CMC published a blog post saying they believe someone compared a list of leaked email/password combinations to which of these combinations allowed them to login to CMC.

I don’t think it would really be fair to say that CMC actually leaked any information if the above is true.
legendary
Activity: 3472
Merit: 10611
November 01, 2021, 12:56:55 AM
#33
LOL! This response seems familiar. Typical CZ gaming. LOL! Why is it so hard for this businessman to admit what actually happened?
HaHa. What did you expect from an idiot who when Binance got hacked started working hard for contacting a lot of mining pools begging them to 51% attack bitcoin so that they can reverse the transaction that stole bitcoin from his weak ass platform!
mk4
legendary
Activity: 2870
Merit: 3873
📟 t3rminal.xyz
October 31, 2021, 10:35:46 PM
#32
Well I do think it would be strange for only email addresses to leak. There is typically more information that leaks when a database is compromised. I would have expected for at least IP addresses and some data about the accounts to leak.

There is a very narrow set of circumstances in which only email addresses would leak from CMC.

Good point. My only guess is if that there was actually a leak that only consisted of emails, they're probably using some bizarre database setup specifically to prevent further damage when a leak does occur. Or maybe it was something like their newsletter database getting leaked specifically, not necessarily the emails of all accounts.
full member
Activity: 1204
Merit: 100
October 31, 2021, 06:49:21 PM
#31
I created an account using a temporary email, but I assume that their database is large and it will cause a lot of losses because beginners trust the emails that are sent to them.

Quote
CoinMarketCap has become aware that batches of data have shown up online purporting to be a list of user accounts. While the data lists we have seen are only email addresses (no passwords),
Source  --> https://haveibeenpwned.com/PwnedWebsites#CoinMarketCap

The weirdest part is this quote, which means they don't know what exactly happened, and just because the password hasn't been hacked doesn't mean that customer data is safe.
I also didn't notice any new security update they made.
If they don't know exactly what happened there is a possibility that passwords were stolen but they just don't know about it and whoever hacked them kept that to himself, I am not taking any risks and my coinmarketcap password is never to be used again at least not with the same email address.
sr. member
Activity: 2030
Merit: 269
October 30, 2021, 12:50:29 AM
#30
https://cointelegraph.com/news/coinmarketcap-hack-reportedly-leaks-3-1-million-user-email-addresses

Just a heads-up for anyone with an account there. Apparently, only the email addresses were leaked, so your account and diamonds are safe but you should still be cautious, you might start getting some phishing attacks sent to your email.

I do not have an account on Coinmarketcap but this is considered a piece of big news and a cause of concern, Coinmarketcap,  is a company owned by Binance and there are millions of users if they can hack a company owned by the biggest exchange in the industry, even small companies are at risk, those who have an account on Coinmarketcap should educate themselves on how to protect themselves on phishing emails, hackers are going to use those emails.
legendary
Activity: 2758
Merit: 1228
October 27, 2021, 08:50:34 AM
#29
https://cointelegraph.com/news/coinmarketcap-hack-reportedly-leaks-3-1-million-user-email-addresses

Just a heads-up for anyone with an account there. Apparently, only the email addresses were leaked, so your account and diamonds are safe but you should still be cautious, you might start getting some phishing attacks sent to your email.

Eventhough they declare that our accounts is safe from that account we can't be so sure since there are other users especially those newbie accounts who use the same email and password for registration on a different platform so maybe there are other people do it on cmc since they think that its safe since this platform is owned by binance. So hopefully there are no victims of hacking on binance in this incident and stay away from phising guys.
copper member
Activity: 2996
Merit: 2374
October 27, 2021, 01:20:50 AM
#28
There have been a lot of hacks of various crypto services over the years. It is not inconceivable to believe that the leaked list is actually a compilation of email addresses used by crypto users.

Yep, never said it was impossible to be the case. It's just that there's a lot of potential reasons how there's a huge overlap between a "leaked" email list with CoinMarketCap's email list. Like how there's almost a guarantee on having a huge overlap between CoinMarketCap/CoinGecko users and Coinbase/Binance users. Something something innocent until proven guilty.
Well I do think it would be strange for only email addresses to leak. There is typically more information that leaks when a database is compromised. I would have expected for at least IP addresses and some data about the accounts to leak.

There is a very narrow set of circumstances in which only email addresses would leak from CMC.
legendary
Activity: 2576
Merit: 1860
October 26, 2021, 08:53:03 PM
#27
CZ is denying the allegations, stating that it's only FUD.

No comment on this because I fortunately don't have a CMC account lol.



https://twitter.com/cz_binance/status/1451855293059584000
Haha, this man is very shameful. They are denying what happened but at the same time are investigating? Cmon.
Btw what are partial matches? Oh, there was a leak on another website maybe on coingecko (joking of course) and somehow it happened like the emails that were leaked on another website were partial matches of the emails registered on coinmarketcap. Haha, idk if anyone believes that but probably people really believe, that's the reason why he lies.

This statement from him is done in order to act like a cool company and the CEO who works like a swiss watch, without problems.

LOL! This response seems familiar. Typical CZ gaming. LOL! Why is it so hard for this businessman to admit what actually happened?

There's no leak. It's simply FUD. There were partial matches on emails, though. And they're investigating. Please someone correct me if I  remember it wrong, but this is also the same response CZ provided during the 2019 Binance KYC leak. The news of the leak was fake. It was merely FUD. But there were also partial matches on the images and personal information. And they're also investigating, even offering a reward for the identification of the supposed hacker as well as VIP upgrades to the affected users.

This man doesn't appear credible at all.
hero member
Activity: 2352
Merit: 905
Metawin.com - Truly the best casino ever
October 26, 2021, 03:10:50 PM
#26
CZ is denying the allegations, stating that it's only FUD.

No comment on this because I fortunately don't have a CMC account lol.



https://twitter.com/cz_binance/status/1451855293059584000
Haha, this man is very shameful. They are denying what happened but at the same time are investigating? Cmon.
Btw what are partial matches? Oh, there was a leak on another website maybe on coingecko (joking of course) and somehow it happened like the emails that were leaked on another website were partial matches of the emails registered on coinmarketcap. Haha, idk if anyone believes that but probably people really believe, that's the reason why he lies.

This statement from him is done in order to act like a cool company and the CEO who works like a swiss watch, without problems.
mk4
legendary
Activity: 2870
Merit: 3873
📟 t3rminal.xyz
October 26, 2021, 12:19:29 AM
#25
There have been a lot of hacks of various crypto services over the years. It is not inconceivable to believe that the leaked list is actually a compilation of email addresses used by crypto users.

Yep, never said it was impossible to be the case. It's just that there's a lot of potential reasons how there's a huge overlap between a "leaked" email list with CoinMarketCap's email list. Like how there's almost a guarantee on having a huge overlap between CoinMarketCap/CoinGecko users and Coinbase/Binance users. Something something innocent until proven guilty.
legendary
Activity: 3052
Merit: 1273
October 25, 2021, 06:00:23 PM
#24
Ridiculous how hackers try to steal data and information for their personal benefits. CMC seems to be working fine, I didn't see any kinda glitch on their site, don't know how and when this hack took place. I've got an account there, but as they claim that the passwords were not leaked, I still smell something fishy happening behind the curtain and I hope that their claims are not proven bullshit later on.

Even if our passwords are not leaked at CMC but some users whose email addresses ever got hacked (with their passwords) could be matched with the ones in the database that was received by the hacker and they may use those users' e-mail address' password, and who know if a user has used the same password here and at many places? It'll definitely ruin things for such users.
legendary
Activity: 3262
Merit: 1376
Slava Ukraini!
October 25, 2021, 05:53:55 PM
#23
Didn't know you can create an account there. What the accounts are for on their platform? (Never visited their site for quite time)
You can use accounts to make a crypto watchlist and keep track of your portfolio, but people were mainly using them to claim diamonds and buy rewards (NFTs, vouchers, etc.). It's basically the same concept that Coingecko introduced some time ago with candies.
Maybe I was living under the rock for some time, but I also wasn't aware that's possible to make account on Coinmarketcap. And didn't knew about their diamonds. Well, fortunately I don't have account there, so my email isn't leaked.

CZ is denying the allegations, stating that it's only FUD.

No comment on this because I fortunately don't have a CMC account lol.

https://talkimg.com/images/2023/09/10/mqa9l.png

https://twitter.com/cz_binance/status/1451855293059584000
Offcourse, it may be just coincidence. But it's also possible that they deny these things just trying to defend their reputation.
copper member
Activity: 2996
Merit: 2374
October 25, 2021, 03:13:14 PM
#22
Can someone tell me why emails are not encrypted or kept more securely, or what makes it more difficult to hack a password than an email?
Email addresses (and other non-password data) is normally stored in a database. The database itself will usually have permissions restrictions prevent an arbitrary person from accessing the database. The reason this information is stored in a database is so the business, in this case CMC can query this information to complete various tasks, such as emailing their customers.

A password on the other hand is typically stored in a "hashed" format. This means the actual is not actually stored, but rather the result of the password being passed into a hash function is stored. This means that someone querying the database cannot actually get the actual password, but if the correct password is entered into a query, it is trivial to confirm the correct password was entered. The reason passwords are stored this way is because there is no valid business reason for someone to query someone's password. Also, the number of people who can access even the hashed passwords is generally more restricted than other parts of the database.

CZ is denying the allegations, stating that it's only FUD.

No comment on this because I fortunately don't have a CMC account lol.



https://twitter.com/cz_binance/status/1451855293059584000
There have been a lot of hacks of various crypto services over the years. It is not inconceivable to believe that the leaked list is actually a compilation of email addresses used by crypto users.
hero member
Activity: 1358
Merit: 851
October 25, 2021, 01:19:31 PM
#21
there's no email or any message that contain malicious links.  So I doubt CZ claimed was right, it was just a FUD because I don't even receive emails in my inbox.
That's not how it works. Hacker will most possibly sell the email database in darkweb. The buyer can be assured that all these emails belong to people who are interested & linked with crypto. They can use the email for phishing purposes, for advertising purposes. You are unlikely to get an email instantly after the hack.
CZ claimed it as FUD? This guy can do anything to cover up their shit. Though I appreciate his business plan & success; he is not a good guy for the crypto at all in general. Can you remember the 7000 BTC hack from Binance? CZ tried his best to prevent the news from being spread everywhere & that's why he took attention to REVERSING (it's not a reverse though) the transaction with a fork even though he was certain that it's never going to happen.
copper member
Activity: 2142
Merit: 1305
Limited in number. Limitless in potential.
October 25, 2021, 10:39:09 AM
#20
so I worried and check my email account but there's no sign of hack there, there's no email or any message that contain malicious links. 
Sometimes it takes times before email lists got sold or spammers got a copy of it. And sometimes its not about malicious link being sent, it includes some marketing emails which you didn't subscribes. Well, I hope it's the case, coz spam emails are annoying.

It's also happened on the Binance exchange before right?  When all accounts have been compromised including emails, correct me if I'm wrong.
AFAIR, it didn't happened yet, it will be a disaster if it will happen considering there are millions users of binance.
legendary
Activity: 2534
Merit: 1233
October 25, 2021, 10:10:32 AM
#19
Didn't know you can create an account there. What the accounts are for on their platform? (Never visited their site for quite time)

I didn't know it either, I just use it to check the price of the coins and the condition of the market, they offer alerts on airdrops but I'm not into airdrops anymore, glad that I did not create an account here, I'm using Coingecko more than Coinmarketcap, but when I'm using price comparison that's the time I use Coinmarketcap.
Yesterday I have read different threads regarding Coinsmarketcap that has been compromised and AFAIK, I had registered there before using my email account associated with this forum account, so I worried and check my email account but there's no sign of hack there, there's no email or any message that contain malicious links.  So I doubt CZ claimed was right, it was just a FUD because I don't even receive emails in my inbox.

Either it's true or not, if our email accounts have been collected by them(hackers) and sooner or later they will send malicious links, we should avoid clicking messages on inbox that has links.  IMO, I don't usually open my email account, my mistake was I used this upon registering the Coinmarketcap platform.

It's also happened on the Binance exchange before right?  When all accounts have been compromised including emails, correct me if I'm wrong.
hero member
Activity: 2926
Merit: 567
October 25, 2021, 05:05:24 AM
#18
Didn't know you can create an account there. What the accounts are for on their platform? (Never visited their site for quite time)

I didn't know it either, I just use it to check the price of the coins and the condition of the market, they offer alerts on airdrops but I'm not into airdrops anymore, glad that I did not create an account here, I'm using Coingecko more than Coinmarketcap, but when I'm using price comparison that's the time I use Coinmarketcap.
legendary
Activity: 2968
Merit: 3406
Crypto Swap Exchange
October 25, 2021, 03:14:15 AM
#17
I don't know when this incident happened, but the fact that they didn't even make an announcement, or even send an email to their user base, says a lot about how they consider the members using their service
They first confirmed [not sure where exactly] it on October 12 and according to mk4's post, it took them 11 days to make that announcement while posting around 100 articles [can't tell the exact number due to how they display the dates after a week] on that period [SMH]!

it will not be easy to deceive them with phishing links.
But it's not impossible either.
mk4
legendary
Activity: 2870
Merit: 3873
📟 t3rminal.xyz
October 24, 2021, 11:31:13 PM
#16
CZ is denying the allegations, stating that it's only FUD.

No comment on this because I fortunately don't have a CMC account lol.



https://twitter.com/cz_binance/status/1451855293059584000
legendary
Activity: 2576
Merit: 1860
October 24, 2021, 08:14:18 PM
#15
Binance' reputation will not be affected and they will not do anything unless there is serious competition from other sites.

I'm not sure about this. There have been signs that Binance is not giving their best, or perhaps spending enough, in terms of security. Binance itself was hacked and tens of millions in Bitcoin were taken. More than a year later, Binance figured in another controversy when its customer's KYC data were leaked. Personal information of about 60,000 Binance users was compromised. And now, Binance-owned coinmarketcap is also hacked.

Binance's reputation, at least in terms of security, will never be the same again. And they should certainly do something about it. This is not about competition against other sites offering similar services. This is about their security.
legendary
Activity: 1596
Merit: 1288
October 24, 2021, 08:10:15 AM
#14
Can someone tell me why emails are not encrypted or kept more securely, or what makes it more difficult to hack a password than an email?
this hack is not important because many will not be affected by the hack, beginners often do not notice the registration button and most of those who create accounts intend to track their favorite currencies and it will not be easy to deceive them with phishing links.

Binance' reputation will not be affected and they will not do anything unless there is serious competition from other sites.
staff
Activity: 3500
Merit: 6152
October 24, 2021, 05:45:02 AM
#13
Here we go...



I received this email a couple of hours ago. Maybe someone here with a CMC account could confirm that they have received the same thing?
legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
October 24, 2021, 04:53:45 AM
#12
Since CMC is owned by Binance, this reflect how poor Binance manage security of their service (especially if it's not their main service).

Apparently, only the email addresses were leaked, so your account and diamonds are safe but you should still be cautious, you might start getting some phishing attacks sent to your email.

Not if you're also victim of different data leak which leak the password and use same/very-similar password on different website.
copper member
Activity: 2996
Merit: 2374
October 23, 2021, 09:44:24 PM
#11
I created an account using a temporary email, but I assume that their database is large and it will cause a lot of losses because beginners trust the emails that are sent to them.

Quote
CoinMarketCap has become aware that batches of data have shown up online purporting to be a list of user accounts. While the data lists we have seen are only email addresses (no passwords),
Source  --> https://haveibeenpwned.com/PwnedWebsites#CoinMarketCap

The weirdest part is this quote, which means they don't know what exactly happened, and just because the password hasn't been hacked doesn't mean that customer data is safe.
I also didn't notice any new security update they made.
If all that is for sale are email addresses and not passwords (hashes), it is probably safe to assume that passwords were not compromised. Although you should use a unique and distinct password for every account you have.

It is possible that the attacker used some type of vulnerability that will leak information about if a specific email address is associated with an existing account. The attacker could then attempt to use whatever method leaks this information by trying a list of known email addresses known to be associated with bitcoin users against this method.
hero member
Activity: 3038
Merit: 634
October 23, 2021, 06:00:05 PM
#10
My friend sent me a picture of email that ihavebeenpwned emailed him that his account in CMC got pawned by hackers and he don't know what to do. I don't have any account made on CMC but didn't know that there's sort of diamonds there.

I just told him to change his passwords rightaway after receiving that image of notification to me.
hero member
Activity: 2352
Merit: 905
Metawin.com - Truly the best casino ever
October 23, 2021, 05:58:40 PM
#9
The weirdest part is this quote, which means they don't know what exactly happened, and just because the password hasn't been hacked doesn't mean that customer data is safe.
I also didn't notice any new security update they made.

I never wanted to create an account with them because they are offering service for free so we can't expect our emails to be safe there. Anyway users should be careful now with the phishing attacks it may not happen immediately but since the data like email exposed we can expect the scammers use this to promote scams or steal crypto funds.
You can check different temprorary email websites, some of them aren't blacklisted. Also, you can create brand new acount on Gmail without much additional (and correct) information and use it for cases where you don't want to use your primary email. I guess people rarely use only single email, right? Idk...

That's what happens when you spend too much time bragging on Twitter and don't spend money on security for your infrastructures.
I'm kidding but it's somewhat true for many companies (crypto or not).

Many companies neglect investments in security, even when they operate in sensitive business areas (like finance for example).
Guess why many (too many) crypto platforms have been hacked over the years? Then guess why those that invest literally millions of dollars have never had any problems?If you don't take proactive measures, you will have problems sooner or later

I don't know when this incident happened, but the fact that they didn't even make an announcement, or even send an email to their user base, says a lot about how they consider the members using their service
Coinmarketcap is owned by Binance, right? I think it may have some temporary effect on their reputation but people will forget it very soon. Btw coinmarketcap isn't a financial service provider and seems they didn't care much about that but it's funny when you pay enormous amount of money to acquire CMC but do nothing to improve the security.
Like you said, that truly shows how they treat the users but again, people forget things easily. It didn't have any influence on BNB coin btw.
copper member
Activity: 2940
Merit: 4101
Top Crypto Casino
October 23, 2021, 01:32:31 PM
#8
That's what happens when you spend too much time bragging on Twitter and don't spend money on security for your infrastructures.
I'm kidding but it's somewhat true for many companies (crypto or not).

Many companies neglect investments in security, even when they operate in sensitive business areas (like finance for example).
Guess why many (too many) crypto platforms have been hacked over the years? Then guess why those that invest literally millions of dollars have never had any problems?If you don't take proactive measures, you will have problems sooner or later

I don't know when this incident happened, but the fact that they didn't even make an announcement, or even send an email to their user base, says a lot about how they consider the members using their service
legendary
Activity: 3472
Merit: 3507
Crypto Swap Exchange
October 23, 2021, 01:18:40 PM
#7
Thanks for the heads-up, a wasn't really aware of this. I can't recall if I have created an account there but I have clearly remembered that I had not bought anything from there. So I think I am safe from losing something except email. I am not sure why but for a few days I have been receiving a few spam mail including a few files to download, the title is something like free bitcoin, and so on. I am pretty sure they are all phishing attempts or included malware, so I just delete the mail without checking anything since I am not familiar with the mail address. I think everyone should be careful from such as mail.

so well I got a lot of some weird emails at once. as if I had suddenly subscribed to a newsletter from a bunch of porn sites and investment opportunities. one of my alternate email addresses, but the last couple of days I get over 100 spam emails daily.

maybe this is not to worry about, as far as I can see no one used them seriously, nor did they have any great value there. but if we know that CMC is owned by Binance, it seems much more serious if their developers have failed to make a good enough protection.
legendary
Activity: 2422
Merit: 2228
Signature space for rent
October 23, 2021, 12:24:19 PM
#6
Thanks for the heads-up, a wasn't really aware of this. I can't recall if I have created an account there but I have clearly remembered that I had not bought anything from there. So I think I am safe from losing something except email. I am not sure why but for a few days I have been receiving a few spam mail including a few files to download, the title is something like free bitcoin, and so on. I am pretty sure they are all phishing attempts or included malware, so I just delete the mail without checking anything since I am not familiar with the mail address. I think everyone should be careful from such as mail.
hero member
Activity: 2366
Merit: 793
Bitcoin = Financial freedom
October 23, 2021, 08:42:56 AM
#5
The weirdest part is this quote, which means they don't know what exactly happened, and just because the password hasn't been hacked doesn't mean that customer data is safe.
I also didn't notice any new security update they made.

I never wanted to create an account with them because they are offering service for free so we can't expect our emails to be safe there. Anyway users should be careful now with the phishing attacks it may not happen immediately but since the data like email exposed we can expect the scammers use this to promote scams or steal crypto funds.
legendary
Activity: 2702
Merit: 4002
October 23, 2021, 08:06:40 AM
#4
I created an account using a temporary email, but I assume that their database is large and it will cause a lot of losses because beginners trust the emails that are sent to them.

Quote
CoinMarketCap has become aware that batches of data have shown up online purporting to be a list of user accounts. While the data lists we have seen are only email addresses (no passwords),
Source  --> https://haveibeenpwned.com/PwnedWebsites#CoinMarketCap

The weirdest part is this quote, which means they don't know what exactly happened, and just because the password hasn't been hacked doesn't mean that customer data is safe.
I also didn't notice any new security update they made.
staff
Activity: 3500
Merit: 6152
October 23, 2021, 06:31:19 AM
#3
Didn't know you can create an account there. What the accounts are for on their platform? (Never visited their site for quite time)

You can use accounts to make a crypto watchlist and keep track of your portfolio, but people were mainly using them to claim diamonds and buy rewards (NFTs, vouchers, etc.). It's basically the same concept that Coingecko introduced some time ago with candies.

copper member
Activity: 2142
Merit: 1305
Limited in number. Limitless in potential.
October 23, 2021, 05:50:48 AM
#2
Didn't know you can create an account there. What the accounts are for on their platform? (Never visited their site for quite time)
staff
Activity: 3500
Merit: 6152
October 23, 2021, 05:36:46 AM
#1
https://cointelegraph.com/news/coinmarketcap-hack-reportedly-leaks-3-1-million-user-email-addresses

Just a heads-up for anyone with an account there. Apparently, only the email addresses were leaked, so your account and diamonds are safe but you should still be cautious, you might start getting some phishing attacks sent to your email.
Jump to: