Data breach monitoring service, LeakedSource revealed on Friday (September 03) that that leading cryptocurrency exchange BTC-E.com and largest bitcoin discussion forum Bitcointalk.org suffered major hacks in 2014 and 2015 respectively.
LeakedSource, which is a great source for leaked passwords and accounts has reported that 499,593 user details of Bitcointalk.org were actually stolen in May 2015 which comprised of "usernames, emails, passwords, birthdays, secret questions, hashed secret answers and some other internal data." It confirmed that 91% were hashed with sha256crypt, which would take a year to crack around 60-70% of them. The remaining 9% were hashed with MD5 and a unique salt and LeakedSource has cracked around 68% of them.
In the BTC-E.com hack, 568,355 accounts had been compromised in October 2014.
“They [BTC-E.com] used some unknown password hashing method which currently makes their passwords completely uncrackable although that may change. This is good because if the passwords were easy to crack, hackers could log into the exchange and start stealing members Bitcoins”, LeakedSource said.
The BTC-E.com hack is more serious since wallets could be accessed and bitcoins stolen. LeakedSource says it hasn't yet seen any news about stolen BTC-E customers losing their coins.
The presence of two hash types suggest they changed their password storage mechanism at some point.
Meanwhile, the company also disclosed that 43 million account details were stolen from music site, Last.fm in 2012.
Last.fm was hacked on March 22nd 2012 for a total of 43,570,999 users which is becoming public like all others. The site said that the most commonly used password on Last.fm is the shockingly common, ‘123456’, followed by 'password' and 'last.fm'.
LeakedSource is processing enough additional databases to publish one per day or several years.