Users of the “cloud mining” service Cloudminr.io were greeted with an unwelcome surprise when they showed up at the site in the last several hours: a CSV (comma separated values) file containing a sample of the entire user database for the website. The whole site is apparently for sale, and the hackers appear to have full control of the server at this point.
Poor security practices are one of the hazards one can run when putting their money with anyone remotely. For some (yet) unknown reason, the passwords and other user information for the entirety of the database were not stored as a hash. Just as likely and/or possible is that an employee was compromised, and the hashed data was then potentially accessible that way.
The hackers are offering the entire database for sale for the low price of 1BTC. A buyer could make their money back if any of the credentials were useful somewhere else where the user might have more than 1BTC sitting, waiting to be stolen.
No word yet on what has become of all the other internal operations of Cloudminr.io, whether balances and wallets were compromised or simply parts of the server that were more public-facing than that. Reaching Cloudminr at this point is unreliable, but CCN is on the case.
Whatever has happened, all users of Cloudminr.io are recommended to change their passwords at all other sites where they use even remotely similar credentials. Any security questions or back-up information should updated or obfuscated.
Images from Pixabay and phm.link.
Last modified (UTC): July 13, 2015 03:14