- 3.1 million email addresses linked with CoinMarketCap accounts are leaked.
CoinMarketCap is the new victim of a cyberattack that exposed 3.1 million user email addresses. The information became public after the hacked email addresses were discovered to be bought and sold on multiple hacker forums, and it was reported by Have I Been Pwned, a website dedicated to tracking hacks and compromised online accounts.
Here are some official stats from data breach:
- Breach date: 12 October 2021
- Date added to HIBP: 22 October 2021
- Compromised accounts: 3,117,548
- Compromised data: Email addresses
In return CoinMarketCap has released the following statement: “CoinMarketCap has become aware that batches of data have shown up online purporting to be a list of user accounts. While the data lists we have seen are only email addresses (no passwords), we have found a correlation with our subscriber base. We have not found any evidence of a data leak from our own servers — we are actively investigating this issue and will update our subscribers as soon as we have any new information.”
- 01:02 PM IST, October 23rd: CoinMarketCap has posted a tweet, assuring its users that there has been no leak from its own servers.
As no passwords were found in the data leak, the team have an assumption that it was obtained from another platform where users have reused passwords across several sites. Team suspects that a malicious actor matched a list of hacked emails to previous batches of leaked data. This is how the list of emails claiming to be from CoinMarketCap appears to be from
cleaned email dataset from the Dark Web which are previously leaked email sets completely unrelated to CoinMarketCap.
The team has advised users to We urge everyone adopt good cybersecurity habits, and to have unique passwords on every site they use.