Cloudminr User Accounts Hacked: Data Sold for a Single Bitcoin?
The Bitcoin service Cloudminr.io was allegedly hacked on July 7, 2015. Various sources coming from Reddit, and BitcoinTalk have detailed a case of over 80,000 Cloudminr users’ data breached. Over the weekend, this information went up for sale for one single Bitcoin.
The data included the personal information of Cloudminr users passwords, Twitter accounts, and Facebook accounts. A CSV (comma separated values) file was shown at the site showing the accounts for sale. The entire server seems to be under control of the hackers, and the company is up for sale.
Reports have accused Cloudminr operations as “shady” and, that this attack is possibly an “Inside job.” Many on Reddit and other sources say that an employee was either compromised or they were the culprits. Another possible conclusion is Cloudminr did not store passwords as hash. When stored in hash, passwords are not as easily accessible.
The Norwegian company has made no announcements and the criminal activity has found its way to sites like Pastebin. The files found have been quickly removed but are most likely accessible in remote web caches. The account information breached shows the attackers can attack users who use the same password for many accounts including social media.
California-based review site, “The Cloud Mining Directory” says Cloudminr operations are seemingly a “Ponzi Scheme” since the hack. Initially calling it one of the largest cloud sites in the industry. The cloud review website says:
“Cloudminr.io claims they have been hacked, and that is the reason their website is offline. However, it looks like this may have been a Ponzi scheme, and they will never come back online. Until they come back online, I am reducing trust rating to zero”
The accusations at this time cannot be 100% confirmed. Whether an inside job or a hack, Bitcoin.com readers are reminded to change their passwords if they used Cloudminr in the past. When initiating a web-service, always use long passwords, and different unique ones for every account and web service. Using the same password across platforms is not secure. This is just another reason cryptocurrency enthusiasts need to hold their private keys and keep constant on security practices in the Bitcoin ecosystem.
Official statements from Cloudminr.io have not come in. Bitcoin.com reached out to Cloudminr and recieved no response. There is no telling whether balances and wallets on the server have been breached. Bitcoin.com is investigating the story thoroughly and will report more on the story as it unfolds.
Do you think the Cloudminr hack was an “Inside Job”? Let us know in the comments below!