Important message about Coinmama account security

Today, February 15, 2019 Coinmama was informed of a list of emails and hashed passwords that were posted on a dark web registry. Our Security Team is investigating, and based on the information at hand, we believe the intrusion is limited to about 450,000 email addresses and hashed passwords of users who registered until August 5th, 2017. This comes as part of a larger breach affecting 30 companies and a total of 841 million user records.

As of February 15, 2019, there has been no evidence of this data being used by perpetrators. Given the dated nature of the published data, we have no reason to suspect that any other Coinmama systems are compromised. Coinmama does not store credit card information, and do not hold user funds.

What we are doing

As soon as we became aware of the incident, we immediately established an Incident Response Team to identify the nature and scope of the intrusion. We also took immediate action consulting with leading cybersecurity firms, and are taking steps to protect our customers, including:

Notifying users that were affected by this breach with steps to safeguard their accounts and protect their data

Requiring users who are possibly affected to reset their password upon next login and urging all other users to verify that their passwords are unique and strong

Monitoring our systems for suspicious activity

Adding continuous enhancements to our systems to detect and prevent unauthorized access to user information

Monitoring for any external indication that the compromised data is being used, and keeping our customers notified

What this means for you

We take your privacy very seriously and are alerting you about this incident so you can take steps to help protect your information:

If you registered prior to August 5th, 2017, immediately change your password and change it on any other service using the same login details (email and password). We’ve sent you an email with further instructions on how to protect your account and data

We’re taking this opportunity to remind all users to use a unique password with at least 8 characters, using both upper-case and lower-case letters and a mixture of number and symbols

Be careful of any unexpected communication that asks for your personal data or directs you to a website asking for your personal data

Avoid clicking links or downloading attachments from suspicious emails

Contact us

For questions, comments or any information you might have that could help us mitigate and communicate this incident, send an email at privacy@coinmama.com

We will keep this post updated with any new information that our investigation might uncover.