Coinmama
 

Dear customer,


On Sunday, February 17, we learned that an unauthorized party acquired data associated with 1.4 million Coinmama accounts. This information follows our internal investigation into a large breach
that has affected 30 companies and 841 million users.

We're taking this incident extremely seriously, and want to give an overview of what it means for you, as well as the immediate actions we're taking to protect your security.


What happened

In order to sell cryptocurrency, we are required by regulation to collect certain personal information from our customers, including your name, address, email, gender and ID number. From some of our customers we are also required to collect images and copies of documents, including government issued IDs. We do not store or record any credit card information, nor do we hold any customer funds.

On February 17, during an ongoing investigation of a financial fraud incident that occurred in December 2018, we found evidence that an unauthorized party acquired data of our customers, including their personal information as mentioned above.

As of February 20, 2019, there has been no evidence of this information being used by perpetrators.


Dear customer,

Today, February 15, 2019, we learned of a breach of about 450,000 emails and hashed passwords. We are still investigating the incident, but have reason to believe your account may be affected, and want to take immediate steps to secure it:
Change your Coinmama password
. As a precautionary measure, we've reset your password. Click the link to create a new password. We recommend a unique password with 8 characters or more, using both upper-case and lower-case letters and a mixture of number and symbols
If you were using the same email and password to access other products and services, change those passwords as well
Given the dated nature of the published data, we have no reason to suspect that any other Coinmama systems are compromised. Having said that, we take your privacy seriously, and are monitoring our systems for suspicious activity.

We are also working closely with leading cybersecurity firms to understand the scope of the incident, and enhancing our systems to detect and prevent unauthorized access to user information.

What we are doing


In light of this new evidence, we immediately expanded our investigation efforts, working closely with several leading security firms to determine the scope of the incident.

Second, we are devoting all resources necessary to accelerate the ongoing security enhancements to our systems. We are working diligently to protect your privacy, including:
Email notification. We began sending emails on a rolling basis on February 15, 2019 to affected customers.
Password reset. Since February 15, we started expiring the passwords of customers’ accounts. We recommend that you set a new password
, and change it on any other service using the same credentials (email and password).
Law enforcement. We have reported this incident to law enforcement authorities and will continue to support their investigation.
Data protection authorities. We are notifying the applicable regulatory authorities of this matter.
Monitoring. We are taking additional measures to monitor any suspicious activity relating to our customers’ accounts.
Third, we have also established a dedicated support team to answer your questions 7 days a week. If you have questions about this incident, reply to this email. You can also contact our designated DPO, Yaki Oliel For other support issues, contact support We may experience high volume initially, and appreciate your patience.

What you can do


Cyber crime is a growing threat that affects billions of people worldwide and presents a daily battle for companies, across all industries. Below are some additional steps you can take to protect your privacy online:
Be vigilant against third parties attempting to gather information by deception (commonly known as "phishing
"), such as suspicious emails or links to fake websites.
Use strong passwords and do not use the same passwords for multiple accounts (for best practices about creating secure passwords, click here).

Make a habit of reviewing your accounts for suspicious activities from time to time.
If you believe you are the victim of identity theft or that your personal data has been misused, immediately contact your national data protection authority or local law enforcement.
If you are a resident of the United States: given the applicable regulations that apply in each state, click here to learn more about actions you can take.

We will continue to update everyone as our investigation progresses in this blog post
,and address commonly asked questions in our dedicated FAQ


I want to personally apologize for the distress this news may cause, and thank you for your continued support and understanding during these trying times. Your loyalty is truly appreciated, and we will work harder than ever to keep it.

Sincerely,
Nimi

Like prepaid cards, never leave what you aren't willing to lose on crypto buy/sell platforms. Seems at least once a year there is news about one being hacked. I change my passwords every couple of months. I also use 2 step verification

What a shit show.

I seem to be one of the few lucky guys who never got scammed and made a killing with crypto. I got out right on time.

crypto wallets were not hacked unlike most exchanges they ask user to set external bitcoin address before making purchase , most investors learned this lesson and don't store cryptocurrencies with online wallets . but the problem with coinmama is that hackers stole user data including IDs ,names , addresses :1orglaugh .

hold your own keys (as bitcoin was intended) and never have to worry about this shit happening, or any 3rd party fuckups, hacks, exits, etc