Hackers Dump 2.2M Gaming, Cryptocurrency Passwords Online
Passwords and other personal data of more than 2.2 million users were revealed as a result of dual data breaches. Users of cryptocurrency walled GateHub and gaming bot provider EpicBot were posted online despite heavy encryption. Security researcher Troy Hunt announced on Tuesday that he had uncovered databases with information from 1.4 million GateHub accounts and 800,000 EpicBot accounts. The database included emails and passwords encrypted with technology called bcry.pt, popular for its reputation as extremely difficult to break. GateHub acknowledged the hack over the summer, however, they stated that hackers had only accessed 18,473 customer accounts and that the data only included email addresses, hashed passwords and recovery keys, and full names if provided.
EpicBot has not acknowledged that it has been hacked, and information exposed from this breach includes usernames and IP addresses of account holders. Hunt is the founder of Have I Been Pwned, a notification service that notifies customers when there is a possibility their data has been exposed. Hunt used a small sample of customers of both GateHub and Have I Been Pwned to verify the authenticity of the data.