Another sad incident of data theft took place at a famous Bitcoin marketplace known as Keepchange. Luckily no Bitcoins were reported stolen by Keepchange after the occurrence of the incident.
It was reported by Keepchange on Thursday, 11th February, 2021 that it was attacked by hackers. Keepchange that the hackers managed to gain access to the client area where the data relating to its customers was exposed to them. The exposed data included complete names, phone numbers as well as email addresses and bank account(s), and other details. Once the hackers got access to the admin area, they then reportedly sent withdrawal requests to Keepchange. What was alarming was that the hackers requested the withdrawals to be deposited in accounts other than those of the customers.
However, Keepchange informed that no withdrawal request was heeded and in fact each and every request was denied.
It was informed by Keepchange after the incident that though no Bitcoin were found missing or stolen, yet the data came under potential risk. The company told that the hackers have successfully stolen customers’ credentials. The credentials included personal details of the customers as well as other details such as passwords which were encrypted. Furthermore, data relating to transactional history and trade counts was also included in the data theft.
Keepchange has been claiming that the though the hackers got the passwords however they cannot decrypt them. Since the passwords had been stored in hash form therefore it makes literally impossible for someone to break in. However, as an immediate measure, Keepchange has insisted upon those of its customers whose data was stolen to change their passwords instantly.
It was further revealed by Keepchange that though the hackers had tried to stole Bitcoin funds but could not succeed. Keepchange told that one of its security protocols prevented the hackers to steal any crypto funds.
Soon after the incident, the company has further employed series of safeguards such as “Login Guard”. Through this safeguard whenever the customer will try to log into his account, he will receive an email first containing a secured link. The customer will then be required to follow the link to get access to his account maintained with Keepchange.
Further announcement has been made by Keepchange according to which firstly the withdrawals have been temporarily suspended. This step has been taken by the company to conduct an initial probe of the incident internally. During this temporary suspension, customers will have considerable time to apply new passwords.
Secondly, on 12th February, the withdrawal suspension will be lifted and the customers would be able to send their requests as usual. However, trading, selling, and buying have not been suspended during this time, as clarified in Keepchange’s announcement. Furthermore, the company has committed to prevent any such hack attacks in the future.