Tuesday, November 24, 01:34
Home security Open Exchange Rates - Data breach: Reported by known companies

Open Exchange Rates - Data breach: Reported by known companies

Η Open Exchange Rates he said infringement data who exposed them personal information and salted and hashed passwords of customers its API service.

Open Exchange Rates provides an API that allows organizations to explore exchange rates for more than 200 global currencies. The service site states that its API is used by known companies such as Etsy, Shopify, Coinbase, Kickstarter and more.

In the emails sent by Open Exchange Rates to notify infringement data, explains that the incident was accidentally discovered. THE service did a research on a problem in network, which caused delays. Then, he discovered that one an unauthorized user had acquired access on network and a database containing information users.

Upon further investigation, it was discovered that the hacker it had access in systems of the service for almost a month (between 9 February 2020 and 2 March 2020). Open Exchange Rates has stated that the data contained in the database may have been stolen.

Exposed user information includes:

  • Name and email address
  • Encrypted / hashed password used to gain access to the account associated with the platform
  • IP addresses from which users log on to the platform
  • App IDs (32-character strings used to submit requests to the service) associated with the user account
  • Business name and address
  • Country of residence
  • Site address

Because of this breach, Open Exchange Rates has turn off passwords for all of them accounts created before March 2, 2020 users should use this one link to set a new password.

If users have used the breached password in other accounts or sites, they have to change him there too.

In addition, they may have been exposed API keys for service. For this reason, Open Exchange Rates is recommended to all users to create new API IDs to access the service.

"They do not exist data proving that the keys to gain access to the API service, however they could be used to search for exchange rate information using your account ”.

Because this API is used by well-known organizations, Open Exchange Rates warns that stolen data could be used in targeted spear-Phishing campaigns. That is why companies should be very careful.

Users also need to activate two-factor authentication to all sites that have an account, to have more protection.


Please enter your comment!
Please enter your name here

Absent Mia
Absent Miahttps://www.secnews.gr
Being your self, in a world that constantly tries to change you, is your greatest achievement


Details of Spotify users were exposed by hackers

A hacking team has gained unauthorized access to 350.000 Spotify accounts on the music streaming service. To achieve this ...

Black Friday: Tips for Secure Online Shopping

Black Friday and Cyber ​​Monday are two of the busiest days for online shopping. And of course ...

Photoshop: How to restore the old mode of Free Transform

Adobe recently changed the way Free Transform works. But you can restore the old way of working ...

EU: Ready to end end-to-end encryption?

End-to-end encryption is a security tool used by various applications, including Facebook Messenger, WhatsApp and Signal, for further ...

How to disable the "welcome tips" after the Windows 10 update

Windows 10 after an update sometimes opens a window with tips to show you what's new for ...

The Windows 10 KB4586819 update fixes several issues

Microsoft has released the cumulative non-security update KB4586819 preview for Windows 10 versions 1809, 1903 and 1909, with various fixes ...

Drupal websites are vulnerable to double-extension attacks!

The team behind Drupal Content Management System (CMS) released some security updates this week to fix a critical ...

Face recognition can identify bears and cows

Face recognition can be used to identify various animals such as bears and cows!

Google Workspace: How it unlocked the subscription software market

In fact, Google has made it easier for smaller players. A startup that starts in 2020 ...

Black Friday with online offers in COSMOTE and GERMANO

Press Release: Black Friday with online offers at COSMOTE and GERMANO November 23, 2020