Millions of email addresses associated with the crypto market data website CoinMarketCap (CMC) have reportedly been compromised.
According to the data security breach website haveibeenpwned, 3.1 million addresses are now trading on “hacking forums.”
CMC said Saturday it had become aware that batches of data had shown up online “purporting to be a list of user accounts.” It is unclear how the addresses were obtained. The website, owned by leading global crypto exchange Binance, also said only addresses and not passwords had been exposed though it discovered a “correlation” and warned users to use separate and unique passwords across multiple sites.
“At this point in our investigation, we’ve come to the conclusion that the leak did not come from CoinMarketCap servers,” CMC said on its blog. “As no passwords are included in the data we have seen, we believe that it is most likely sourced from another platform where users may have reused passwords across multiple sites.”
CMC did not immediately respond to CoinDesk’s request for comment.
Read more: Leaked Slides Show How Chainalysis Flags Crypto Suspects for Cops
UPDATE (Oct. 24, 14:40 UTC): Adds clarifying language throughout, removes redundant sentence attributed to anonymous source.