Most passwords are uncrackable. Safe, for now!

Sep 2, 2016 01:30 GMT  ·  By

Two popular crypto-currency sites, the BTC-E Bitcoin exchange and the BitcoinTalk forum, suffered security breaches in 2014 and 2015, respectively, according to data breach index service LeakedSource.

Unlike the Last.fm breach from yesterday, the passwords associated with user accounts from these two sites featured much better security.

The crypto-currency community generally has more respect for user data and password security, given the sensitive nature of the data it handles.

BTC-E data breach

According to analysis from LeakedSource, hackers penetrated BTC-E in October 2014 and stole 568,355 user records.

The BTC-E data includes usernames, emails, passwords, IP addresses, registration dates, language settings, and data related to the user's Bitcoin wallet balance.

LeakedSource says all password strings were hashed with an unknown algorithm, which made them "completely uncrackable" at this moment in time.

If an attacker manages to reverse-engineer the hashing algorithm and cracks the BTC-E passwords, they would be able to steal money from users' Bitcoin wallets.

BitcoinTalk data breach

For BitcoinTalk, the data LeakedSource received and indexed on its site is from an incident dating from May 2015, which the company publicly acknowledged on Twitter.

An unknown attacker used social engineering against an employee of NFOrce, BitcoinTalk's ISP. The attacker got hold of credentials for various servers, including the ones used by BitcoinTalk.

Forum administrators suspected the attacker stole password hashes and email addresses. According to data seen by LeakedSource, the attacker managed to dump and steal the entire forum database, which included usernames, emails, passwords, birthdays, secret questions, hashed secret answers, and some other internal forum-related data.

The SQL dump held the details of 499,593 users. LeakedSource told Softpedia that the data is valid, and trying to register an account with any of the email addresses yields an error for an existing active account.

According to LeakedSource, nine percent of the passwords were hashed using MD5, and the company managed to reverse these passwords back to their cleartext form.

The rest were hashed using the SHA256-Crypt algorithm. "It would take us about a year to crack an estimated 60-70% of them," LeakedSource explained. "This method of password storage is far superior to nearly every website we've seen thus far."
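A mixed store like the one described above (some MD5, the rest SHA256-Crypt) is something a site operator can measure in their own user table. The Python example below is added for illustration and is not code from LeakedSource or either site. It assumes legacy MD5 values are stored as 32 hexadecimal characters and SHA256-Crypt values use the standard `$5$` format; the function names and sample rows are constructed.

```python
import re
from collections import Counter

# SHA256-Crypt modular crypt format: $5$[rounds=N$]salt$digest
# The salt is at most 16 characters; the digest is 43 characters
# drawn from the crypt base64 alphabet (./0-9A-Za-z).
SHA256_CRYPT = re.compile(
    r"^\$5\$(?:rounds=(?P<rounds>\d+)\$)?"
    r"(?P<salt>[^$]{0,16})\$(?P<digest>[./0-9A-Za-z]{43})$"
)
MD5_HEX = re.compile(r"^[0-9a-fA-F]{32}$")  # assumption: MD5 kept as bare hex
DEFAULT_ROUNDS = 5000  # SHA256-Crypt default when no rounds= field is present


def classify(stored):
    """Return (scheme, rounds) for one stored password field."""
    m = SHA256_CRYPT.match(stored)
    if m:
        return "sha256crypt", int(m.group("rounds") or DEFAULT_ROUNDS)
    if MD5_HEX.match(stored):
        return "md5", 1
    return "unknown", None


def audit(rows, min_rounds=DEFAULT_ROUNDS):
    """Count schemes and list users whose hash should be upgraded at next login."""
    counts = Counter()
    needs_upgrade = []
    for user, stored in rows:
        scheme, rounds = classify(stored)
        counts[scheme] += 1
        # Anything that is not SHA256-Crypt at the required cost gets flagged.
        if scheme != "sha256crypt" or rounds < min_rounds:
            needs_upgrade.append(user)
    return counts, needs_upgrade


# Constructed sample rows (user, stored password field); not real data.
SAMPLE = [
    ("alice", "$5$rounds=7500$abcdefghijklmnop$" + "A" * 43),
    ("bob", "0123456789abcdef0123456789abcdef"),
    ("carol", "$5$saltsalt$" + "b" * 43),
    ("dave", "$5$rounds=1000$saltsalt$" + "c" * 43),
    ("erin", "not-a-hash"),
]

if __name__ == "__main__":
    counts, needs_upgrade = audit(SAMPLE)
    print(dict(counts), needs_upgrade)
```

Flagged accounts can be re-hashed with the stronger scheme the next time the user logs in successfully, since the cleartext password is only available at that moment.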

Softpedia has reached out to BTC-E and BitcoinTalk for additional comments.