Japanese cryptocurrency exchange Coincheck attacked by hackers, customer emails exposed
Japanese cryptocurrency exchange Coincheck has issued a press release. To which they announced that earlier this week, the hackers managed to access some customers’ emails sent to the firm. The hackers got hold of the DNS records for the coincheck.com domain at the firm’s third-party domain registrar. They changed the records to forward incoming emails to the hackers.
The Full Story Of Coincheck Crytocurreny Attack
- Due to the changes in DNS, the hackers illegally had access to some of the emails sent to Coincheck between 31st May and 1st June.
- Such emails contain the sender’s information like an email address that can be used by the cyber-criminals.
- Coincheck said that there is a possibility that the leaked data may include the personal information of the users. Including name, registered address, date of birth, phone number and ID selfie.
- They believe that the incident might have affected around 200 customers. The domain records have been changed back to normal and the domain registrar has initiated an investigation to see what went wrong.
- Once they understand how the hackers got hold of the account, they will be able to upgrade the security of their database.
Even Secure Password Failed To Prevent The Coincheck Crytocurreny Attack
It has to be noted that Coincheck is using a unique and hard-to-crack password to ensure the security of their account with the domain registrar.
This incident has exposed the system where even a strong password is not enough to secure the account. The experts believe that Coincheck must be working with the domain registrar further to increase the security of the account with two-factor authentication.
Though 2FA is available with almost every domain registrar across the world, the domain owners often fail to activate it to secure the accounts. Many companies have fallen prey in hackers’ hands amid a lack of essential security features in place. Domain registrars often inform the customers to activate 2FA for their accounts if they haven’t done it yet, but the request goes unheard.
Coincheck has history of falling prey of attacks
Coincheck has been on the receiving end of the hacking attempts in the past as well. Back in January 2018, the cryptocurrency exchange was hacked. Unfortunately, by the time the company managed to remove the hackers from the system, they lost digital coins worth $500 million.
In the past, DNS hacking has affected the services of Lenovo, Whatsapp and Bitcoin wallet service Blockchain.info. Additionally, the hackers managed to attack the accounts running on an older system or do not have 2FA.
What should you do?
As per the experts, change in DNS records can lead to a significant loss, especially for enterprises.
- As a customer, you must activate the two-factor-authentication system in your domain panel to ensure better security.
- Make sure not to open any link regarding your domain or hosting from an unknown source.
- If you want to make any changes in your account. Then make sure to log in from the registrar’s website rather than using a link from an email or message.
- Hackers often use link shortening services to mask malicious URLs. Thus, you should not click on any short link from an unknown source.
Protect your computer with HitmanPro Now
Although, it is very important to enable 2FA on your accounts, and use strong passwords. But to keep the passwords secure you should use a reputable Password Manager tool like Dashlane(Review).
To secure Your Digital Wallets download DashLane Password Manager Now.