Xilobyte Posted August 9, 2017 Share Posted August 9, 2017 (edited) ---------------------------- Again, the importance of NOT keeping your money online cannot be stressed enough. Let's tear up this email notice a bit. It appears the "Wallets" themselves had not been infiltrated however it does appear that it is possible the thieves had enough access to move money in and out of the wallet. This part is unverified, however the warning to change the 2FA and passwords suggest that data which was accessed was serious enough to allow monetary damages. To be more clear for those whom may not fully understand, basically a bad guy gained access to the database where all of the website's data is located. There, they had access to your Litebit account password. Now the questions is, how is this password stored? It maybe a weak MD5 or maybe superior encryption but encrypted or not, the possessor of the data only needs time. It is possible this breach was only phase one. Next they had access to the 2fa key. This is either a hash of some sort or simply a pin code. It depends on who or what designed the 2fa. Either way, with access to the database, they can change the account email to one which they control and even request a password reset email to gain control of your account. The point is that using the exchanges is just fine for the most part. Not like you have another choice, but go the extra mile and create your own wallet on your own systems and control your money there. You have no idea who the programmed is on these systems and if they even know what they are doing. -----------------------------EMAIL: Our team has noticed suspicious activities on the LiteBit servers on the 5th of August 2017. We regret to inform you that someone without authorization had access to LiteBit data. There has been no intrusion on our wallet servers, all coins owned by clients are safe. The intruder also didn’t have access to any of the uploaded verification documents (such as your identity card or your passport). The cause of this breach is known and has already been solved. It is not clear if the intruder has stolen user data. In the worst case scenario the intruder has had access to your email address, hashed password, IBAN, phone number, address and your portfolio data. What does this mean for you? If you have 2-factor authentication enabled it is very important to disable and re-enable the authenticator. If you do not have 2-factor authentication enabled we recommend you to enable it. It is also important to change your password. We also recommend you to change your password regularly to guarantee the safety of your account. Edited August 9, 2017 by Xilobyte Bitpam and 7strings 1 1 Link to comment Share on other sites More sharing options...
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!Register a new account
Already have an account? Sign in here.Sign In Now