14 DAY TRIAL // SealsWithClubs, which is said to be the world’s largest Bitcoin poker website, has been hacked. The credentials of 42,000 users have been obtained by the attackers.
In a statement posted on its website, SealsWithClubs revealed that the data center it used until November was breached, resulting in the user database becoming compromised.
The company has noted that passwords are salted and hashed, but users are advised to change their passwords next time they log in.
“Please do so at your earliest opportunity. If your Seals password was used for any other purpose you should reset those passwords too as a precaution,” the poker site’s representatives said.
This is probably good advice, considering that the passwords are hashed using the SHA1 algorithm. Ars Technica has come across an InsiderPro forum post in which one user is asking for help with cracking 42,000 salted SHA1 passwords.
It’s worth noting that SealsWithClubs hasn’t said anything about the number of impacted individuals, but the information posted on InsiderPro appears to be from the poker site’s systems (some password examples are “sealswithclubs,” “pokerseals” and “88seals88”).
The individual who started the thread is offering $20 in Bitcoins for every 1,000 cracked passwords. Thousands of them have already been cracked. The first 1,000 were obtained less than 10 minutes after the archive containing the hashes and salts was made available.
SealsWithClubs says that it’s planning on implementing additional security measures in the near future. Two-factor authentication has already been rolled out, but users will also be able to lock the withdrawal address, lock the transfer feature, and access the account only from certain IP addresses.
Around 7 hours ago, the poker website announced on Twitter that transfers had been disabled, and that it notified customers that cashouts and support emails would be slower than usual.