Copy link
Increase text size
Decrease text size
Link copied

1.4M GateHub user information compromised five months after it suffered a hacking incident

Hackers have apparently taken sensitive information out of GateHub clients, with data ranging from passwords to email addresses to mnemonic phrases and wallet hashes.

Image: GateHub (Twitter)

Thu, 21 Nov 2019, 04:50 am UTC

GateHub, a cryptocurrency wallet service, has reportedly suffered another attack, this time compromising a significant portion of user data. The news comes from Troy Hunt, the brain behind the data-breach monitoring service Have I Been Pwned, Ars Technica reported.

According to Hunt, there are two services that have been compromised that amount to 2.2 million user information falling on the hands of illicit actors. First is GitHub that accounts for 1.4 million and the other is the all-in-one Runescape bot provider EpicBot, which is at 800,000.

The stolen data is vast, which includes email addresses, passwords, two-factor authentication keys, mnemonic phrases, and wallet hashes. The data was reportedly posted on the hacker-frequented site, RaidForum, and comes four months after GateHub suffered a hacking incident.

GateHub’s reputation is taking more hits

GateHub officials are currently investigating the matter and said that wallet hashes have not been compromised. However, this isn’t promising since the site failed to disclose the right amount of affected users in the aforementioned hacking attack that occurred in June.

GateHub previously said that only 18,473 accounts were affected. But this new information reveals that it’s bigger than what was previously assumed. In an official statement released by the crypto wallet service, they said that they’re still looking into the matter and will keep its clients updated once further information has been unearthed.

“We are aware of a database posted on RaidForums whose author claims that it belongs to GateHub. The alleged GateHub database is being thoroughly examined by our team, therefore, we are unable to confirm its authenticity at this time. We will make sure to keep you posted of any updates,” the statement read.

Compromised clients are encouraged to be vigilant

Despite this assurance, however, most are unimpressed by how GateHub has handled the situation since it failed to notify its user base of the breach. EpicBot, on the other hand, has gone radio silent at the time of writing.

Clients of both services are encouraged to change their compromised passwords if it has been used on other services. They’re also advised to be vigilant for future phishing attacks that have been one of the most favored methods of hackers in recent years.

TokenPost | [email protected]

<Copyright © TokenPost. All Rights Reserved. >

Back to top
Copyright ⓒ TokenPost. All Rights Reserved.