Cryptohopper Data Breach
Please read our latest update about the data breach that occurred during the night of Thursday (the 9th) into Friday (the 10th).
We detected SQL injection requests on our website API during the night of Thursday (the 9th) into Friday (the 10th) but were able to stop the attack quickly.
Due to the nature and markup of the SQL injection requests, we decided to take action immediately by clearing all sessions and cookie keys, revoking all access tokens and refresh tokens, and deleting authorization tokens.
While assessing the impact, we discovered that the following user-specific data had been obtained: name, username, email, password (encrypted), block, register date, and last visit date.
Because of the seriousness of the attack, we decided to send out a mailing to all customers asking them to change all passwords and API keys to be sure, even though the passwords are heavily encrypted and thus useless, and API keys haven't been obtained.
We will contact those affected once our research has been finished; this should take another day. This information will be available in your user profile. As a safety precaution, we mention it again: please change your Cryptohopper account and exchange passwords, your API keys, and your 2-factor authentication.
Needless to say, we take this seriously, and while a fix has been implemented, we will do everything to get to the bottom of this to prevent it from happening again.
More details about our measures regarding prevention will follow. The data protection authority has been informed. We will also launch a full-scale investigation of the attack and report the findings to the authorities.
Since email addresses have been obtained, beware of fake (phishing) emails and never share your account or API key details.
We will keep you informed about our findings. Thank you for your support and trust. For additional information about how to keep your accounts safe, please check the following blog: How to secure your account from cyber attacks