Security Update for CoolWallet S Community:
Crypto exchange Coinmama issued a statement about a possible security breach on February 15.
An old 2017 database with account details and hashed (encrypted) passwords was allegedly compromised.
Please note, CoolWallet users who used our CoolBitX app to register with them are not affected.
However, we recommend all Coinmama users reset your account details with them. Read further to see how.
According to Coinmama, only accounts registered before 5 August 2017 are potentially at risk. No credit cards details or actual passwords were leaked.
We added our Coinmama affiliate link on our app in late 2018, therefore our users should be unaffected, unless you registered with them through an external source.
Regardless, it’s better to be safe than sorry.
We advise all our CoinMama users to reset your passwords here and to avoid using their platform for the time being, until all investigations are completed.
Please note, we take great care in choosing our partners (Coinmama has been operating since 2013), but we have no direct control over them.
We can only control how we protect you.
Coinmama Statement (abridged)
1. What happened?
CoinMama found on February 15, 2019 that a malicious party gained access to over 450,000 user emails and hashed passwords dating from August 2017 and back. The hack is part of a much wider industry breach and apparently affects over 800 million accounts.
Coinmama immediately started to investigate the issue and notified users affected by the breach on how to protect their accounts. Affected users are now required to create a new password when logging in.
2. What information was exposed?
Coinmama believe that the database hack only pertains to emails and hashed passwords of users who registered before August 5th, 2017. The company doesn’t store credit card details nor user funds.
3. What is a hashed password? Is it your real password?
A hashed password is an encrypted long string of characters that doesn’t reveal your actual password. Therefore, if someone has the hashed password, they still don’t have your actual password.
4. Who’s responsible for the breach?
Coinmama doesn’t know yet who’s behind it. It appears to be the same party that has targeted almost 30 other companies and over 800 million old accounts since 2017.
5. What steps can I take next?
Here are the official instructions to follow, per CoinMama’s Blog:
– If you registered prior to August 5th, 2017, immediately change your password and change it on any other service using the same login details (email and password). We’ve sent you an email with further instructions on how to protect your account and data
– Always use a unique password with at least 8 characters, using a mix of upper-case and lower-case letters, numbers and symbols.
– Be careful of any unexpected communication that asks for your personal data or directs you to a website asking for your personal data
– Avoid clicking links or downloading attachments from suspicious email
– If you registered an account before August 5th, 2017, you may have received an email from Coinmama. Any official email will not include any attachments or ask you for any personal data.
6. How do I reset my CoinMama password?
Step 1: Go to Coinmama’s Recover Password page and enter your email address.
Step 2: Click the confirmation link in the email they send you.
Step 3: Create a unique password with 8 characters or more, using capital and lower-case letters, numbers and special characters.
Security Tip: Make sure you’re on the official page by double checking the URL’s security certificate.
Click on the lock icon next to the URL. You should see something like this:
That’s it from us. We’ll keep you posted on any new developments.