CoinMarketCap: No Data Breach Despite 3.1M Emails Leaked

Despite the fact that a list of more than 3.1 million email addresses related to the CoinMarketCap database has begun to circulate, the business claims that there is no indication of a data breach.


According to CoinMarketCap, there has been no evidence of a data breach despite the distribution of a list of 3.1 million email addresses that are linked to CoinMarketCap users' accounts.

CoinMarketCap is a cryptocurrency price tracking website. In April 2020, cryptocurrency exchange operator Binance Capital Management acquired CoinMarketCap for an undisclosed sum.

Only email addresses are included in the data, and no other personal information is contained, according to Bank Info Security. As far back as August, the information had been made public on a well-known data breach forum. It reappeared on the same topic at the beginning of this month.

CoinMarketCap stated on Saturday that it has run a rigorous security review and that there is no evidence of any security breach of its servers.

Cryptocurrency exchange-traded fund CoinMarketCap believes the list was collected from previously disclosed data breaches.

A long, accurate list of people interested in cryptocurrency, regardless of where it came from, is quite valuable for phishing attempts. The fact that this information appears to have been circulating for at least two months suggests that it has already been used that way.

The company stated, "We believe that a bad actor (or actors) took a list of leaked emails (this list that claims to be from CoinMarketCap) and compared it with other batches of leaked data," [...] "This is how the list of emails that claims to be from CoinMarketCap looks real -- it’s because it’s a 'cleaned' email dataset from the Dark Web that has occurred in previous leaked email sets totally unrelated to CoinMarketCap."

A total of more than 50,000 users were notified about the data leak

The company did not state whether the email list correlates 100% with CoinMarketCap accounts. The company's earlier statement indicated a connection with its subscriber base, but that has yet to be confirmed.

The email addresses have been entered into Have I Been Pwned, a data breach notification service that alerts users to data breaches. A total of 50,000 CoinMarketCap users and Have I Been Pwned subscribers have been notified.

According to Hunt, the CoinMarketCap users he spoke to all acknowledged that they had CoinMarketCap accounts. As Hunt points out, when there is misattribution, people sometimes respond by saying they don't have a CoinMarketCap account. That didn't happen after the 50,000 alerts were sent out.

As for enumeration vectors, attackers are always on the lookout for systems that give out information, such as whether an account exists. These enumeration flaws can be found in password reset operations or in registration procedures, which can indicate whether an email address provided as a username already exists.
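
To make the enumeration point concrete, here is an added example (not from the original article and not CoinMarketCap's code) that puts a password reset and a registration handler that reveal account existence beside versions that answer identically. The handler names, the in-memory store and the addresses are all constructed for illustration.

```python
# Constructed in-memory account store; addresses are sample values.
ACCOUNTS = {"alice@example.com"}
OUTBOX = []  # stands in for the outbound mail queue

def reset_leaky(email):
    """Password reset whose response reveals whether the account exists."""
    if email.lower() in ACCOUNTS:
        OUTBOX.append((email, "reset-link"))
        return 200, "Reset link sent."
    return 404, "No account with that email address."

def reset_uniform(email):
    """Same status and body for every address; only real accounts get mail."""
    if email.lower() in ACCOUNTS:
        OUTBOX.append((email, "reset-link"))
    return 200, "If that address has an account, a reset link has been sent."

def register_leaky(email):
    """Registration that confirms an address is already in use."""
    if email.lower() in ACCOUNTS:
        return 409, "Email already registered."
    ACCOUNTS.add(email.lower())
    return 201, "Account created."

def register_uniform(email):
    """Registration that answers identically and moves the outcome to email."""
    if email.lower() in ACCOUNTS:
        # The existing owner is told privately; the requester learns nothing.
        OUTBOX.append((email, "registration-attempt-notice"))
    else:
        # The account is only activated once the confirm link is followed.
        OUTBOX.append((email, "confirm-link"))
    return 202, "Check your inbox to continue."

def leaks_existence(handler, known, unknown):
    """Regression check: True if the response differs for known vs unknown."""
    return handler(known) != handler(unknown)
```

The check compares only status code and body; response timing is a separate channel that would need its own measurement.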