Database containing data on more than 3 million CoinMarketCap users put up for sale

Unknown parties have put up for sale a database containing the email addresses of 3.1 million CoinMarketCap users. The records do not contain passwords, Have I Been Pwned reports.

New breach: 3.1M email addresses from CoinMarketCap were found being traded this month. CMC have advised there is «a correlation with our subscriber base», but are yet to identify the source of the data. 99% were already in @haveibeenpwned https://t.co/LGaAnj1hUA

— Have I Been Pwned (@haveibeenpwned) October 22, 2021

“Because, in the records we reviewed, there are no passwords, we believe the data most likely came from another platform where users could reuse passwords on multiple sites. We believe that the attacker (or attackers) compared the list of addresses with other data leaks. Thus, the list of CoinMarketCap user addresses looks real — it is a ‘cleaned’ set of email data from the dark web that has appeared in previous leaks not related to the service,” according to the company’s blog.

In 2020, the cryptocurrency exchange Binance acquired CoinMarketCap. The terms of the deal were not disclosed. Media reports put the figure close to $300 million.

As reported in October 2021, hackers exploited a vulnerability in Coinbase’s two-factor authentication system and gained access to thousands of user accounts.