Change Your GateHub And EpicBot Passwords Now

It’s kind of a random pairing—I get it—but two new websites have joined ‘have i been pwned’s’ illustrious list of breached sites. One is a cryptocurrency wallet and the other is a RuneScape bot. These sound like small potatoes, but the two breaches have potentially affected up to 2.2 million users, and you’d be wise to do some checking (and changing) if you think you might fall into either group.

The easiest way to do this is to simply fire up the ‘have i been pwned’ website and enter your primary email address. If you’re affected by these breaches, or any others, you’ll know. Of course, you’ll probably also be able to remember whether you ever used the GateHub cryptocurrency wallet or EpicBot automation application for RuneScape. They’re both services for pretty specific functions, and I think you’d be able to recall if you’ve signed up for (or downloaded) either.

The two breaches differ slightly in their scope. As described on ‘have i been pwned:’

GateHub

“In October 2019, 1.4M accounts from the cryptocurrency wallet service GateHub were posted to a popular hacking forum. GateHub had previously acknowledged a data breach in June, albeit with a smaller number of impacted accounts. Data from the breach included email addresses, mnemonic phrases, wallet hashes and passwords stored as bcrypt hashes.”

EpicBot

“In September 2019, the RuneScape bot provider EpicBot suffered a data breach that impacted 817k subscribers. Data from the breach was subsequently shared on a popular hacking forum and included usernames, email and IP addresses and passwords stored as either salted MD5 or bcrypt hashes. EpicBot did not respond when contacted about the incident.”

Nevertheless, the common characteristic they share is that your hashed passwords have been compromised. While these would normally take a lot of time for a hacker to decrypt—years, says Ars Technica—that’s assuming each service correctly set up the hashing function it used (Bcrypt). If they messed something up, then it would be a lot easier to extract useful information (your password) from the hashed data.

Our advice? If you know you’ve used the same password for GateHub or EpicBot on other sites, which you shouldn’t do, go ahead and change that right now. Having a great password manager that can tell you where you’ve done this (and how many times) makes this process even easier, and we recommend switching over to one of these apps to manage your passwords going forward.

GateHub users, specifically, will also want to reset the “mnemonic phrases” they use to gain access to their accounts and wallets, as those are definitely in the wild.

Comments


Leave a Reply