A security researcher behind the data breach index site “Have I Been Pwned” said that password data and personal information of 2.2 million users of two websites have been dumped online.
On Nov. 19, Ars Technica reported that security researcher Troy Hunt confirmed that the compromised data belonged to accounts of cryptocurrency wallet, GateHub, and RuneScape bot provider EpicBot.
According to Hunt, the first haul included personal information for as many as 1.4 million user accounts from GateHub cryptocurrency wallet. The second contained data for about 800,000 user accounts on the self-proclaimed world’s safest all-in-one RuneScape bot provider, EpicBot.
The stolen information reportedly includes registered email addresses, passwords, two-factor authentication keys, mnemonic phrases, and wallet hashes. GateHub officials said that the wallet hashes were not accessed, according to what an investigation had suggested.
It is not the first time Gatehub has to endure a data breach. In June, hackers were reportedly able to compromise around 100 XRP Ledger wallets, which resulted in nearly $10 million in stolen funds.
Also in June, Gatehub warned that there was a phishing scam campaign targeting its cryptocurrency wallet users. According to the company, GateHub’s wallet users were receiving malicious emails from addresses that looked like they were from GateHub: “@gatehub.com” and “@gatehub.net.”
As technology and security improve, hackers have gotten corresponding more creative with the scams and hacks they carry out. One of the more disastrous hacks in recent years was the Slovenian-based Bitcoin (BTC) mining marketplace, NiceHash. A hacker stole approximately 4,700 Bitcoin, worth about $64 million at the time of the hack in December 2017. The platform called the security breach a highly skilled and organized attack that was carried out with sophisticated social engineering.