Data and private messages of Ethereum forum users have been stolen
A database containing data from 16,431 users of the Ethereum forum has been stolen. In addition to IP addresses, usernames and e-mail addresses, the database contains forum posts and private messages. The hashed passwords have also been stolen.
The Ethereum project was notified of the data theft on December 16. According to the organization, the stolen data is a backup of a database from April 2016. The hacker reportedly disclosed the break-in himself and says that he is the same person who earlier in December managed to steal hundreds of thousands of euros in cryptocurrencies from the Chinese investor Bo Shen. The hacker claims to have gained access to a phone number through social engineering, which gave him access to another account, which in turn had access to the database backup.
The database contains forum posts, private messages, IP addresses, usernames and email addresses, profile information, and hashed passwords. Most of the passwords are hashed with bcrypt and salted. About fifteen hundred passwords are stored as a salted WordPress hash. There are also two thousand accounts without a password that use a federated login, for example via Google or Facebook.
Forum users whose information has been stolen have been notified by the organization and will receive additional information about the leak via email. The team also says that access to the database has been disabled and that it is adjusting its internal guidelines. For example, members are no longer allowed to use phone numbers to recover accounts and encryption must be used for sensitive data. Furthermore, the organization has reset all passwords of forum users.
The forum’s administrators have handed over the email addresses of the users whose data has been stolen to Troy Hunt, the founder of the website ‘Have I been pwned’. There, people can check whether their data is part of a data breach. Hunt notes that it is rare for organizations to provide the leaked data to the service themselves.