Bitcoin vendor Mt.Gox & customers compromised

It appears that someone who performs audits on our system and had read-only access to our database had their computer compromised. This allowed for someone to pull our database. The site was not compromised with a SQL injection as many are reporting, so in effect the site was not hacked.

via Huge Bitcoin sell off due to a compromised account – rollback : Mt.Gox.

But the hacker made off with a bunch of unsalted, MD5-hashed passwords and user accounts, which puts at risk every other account where those same credentials were reused.

It would be interesting to know where that auditor was stationed – whether inside the Mt.Gox company or external – and if they can tell whether the hacker who compromised the auditor’s computer was internal or external.

It’s been a bad weekend for Mt.Gox, which until now has been the most popular method for converting between Bitcoins and more conventional currencies. Earlier in the weekend, it was reported that the site was vulnerable to a cross-site request forgery in which a logged-in user could be tricked into submitting fraudulent transaction requests.

via Bitcoin prices plummet on hacked exchange.
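The cross-site request forgery mentioned in that report comes down to a transaction endpoint that trusts the session cookie alone, since the browser attaches that cookie to a form submitted from any site. As an added example (my own sketch, not Mt.Gox's code), below is a minimal in-memory model of such an endpoint next to one that also requires a per-session token embedded in the site's own form; a page on another origin cannot read that token, so its forged submission is refused. The session store, handler names and form fields are all constructed for the illustration.

```python
import hmac
import secrets

# Constructed in-memory session store: session_id -> {"user": ..., "csrf": ...}
SESSIONS: dict = {}


def login(user: str) -> str:
    """Create a session; the session id is what the browser would hold in a cookie."""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = {"user": user, "csrf": secrets.token_urlsafe(32)}
    return sid


def render_transfer_form(sid: str) -> str:
    """Return the token the site's own transfer form carries as a hidden field."""
    return SESSIONS[sid]["csrf"]


def transfer_vulnerable(cookie_sid: str, form: dict) -> str:
    """Accepts any request that arrives with a valid session cookie."""
    session = SESSIONS.get(cookie_sid)
    if session is None:
        return "401 not logged in"
    return f"200 {session['user']} sent {form['amount']} BTC to {form['to']}"


def transfer_protected(cookie_sid: str, form: dict) -> str:
    """Same endpoint, but the submitted form must echo the session's token."""
    session = SESSIONS.get(cookie_sid)
    if session is None:
        return "401 not logged in"
    submitted = form.get("csrf", "")
    # Constant-time comparison; a missing or foreign token is rejected before any side effect.
    if not hmac.compare_digest(submitted, session["csrf"]):
        return "403 csrf token missing or invalid"
    return f"200 {session['user']} sent {form['amount']} BTC to {form['to']}"


if __name__ == "__main__":
    sid = login("victim")
    # A form posted from a third-party page: the browser adds the cookie, but the page
    # cannot read the token, so the form lacks it.
    cross_site_form = {"to": "third_party_address", "amount": "100"}
    print(transfer_vulnerable(sid, cross_site_form))
    print(transfer_protected(sid, cross_site_form))
    # The site's own form carries the token and is accepted.
    own_form = dict(cross_site_form, csrf=render_transfer_form(sid))
    print(transfer_protected(sid, own_form))
```

Real frameworks usually bind the token to the session exactly like this (the "synchronizer token" pattern) or derive it from the session with an HMAC; either way the check belongs on every state-changing request, not only on the login form.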
