LiteBit.eu — a multi-currency exchange based in the Netherlands — has suffered data breaches two months in a row.
According to emails sent to affected customers after each event, no Bitcoin or altcoin funds were stolen in any of these two incidents.
The company says the attacker only pilfered user personal information, such as emails, hashed passwords, bank account numbers (IBANs), telephone numbers, and home addresses.
August 2017 breach
The first incident took place on August 5, and the company sent out the following email to affected customers after it detected suspicious activity on one of its servers and fixed the security hole.
The cause of the leak is known, and the problems have now been solved. It is not clear whether data has actually been stolen. In the worst case, an unauthorized person has gained access to yours; Email address, encrypted password, IBAN, phone number, address and your portfolio data.
What does this mean to you? For users who have 2-step authentication, it’s very important that they reset it. We also recommend that you enable this additional security measure, for customers who have not already done so.
In addition, it is important to change your password regularly.
September 2017 breach
The second breach took place last week, on September 12, six weeks after the first incident. This time around, the source of the breach was with one of LiteBit’s “suppliers.”
Again, the exchange said the hacker made off only with PII and user funds remained secure. Authorities have been informed. The content of the second email is below.
LiteBit email announcing September 2017 data breach (h/t anonymous tipster) pic.twitter.com/YEducGeaTr
— Catalin Cimpanu (@campuscodi) September 18, 2017
There has, however, been no breach of the LiteBit wallet servers. All coins belonging to customers are safe. Also, no verification documents have been accessed during the incident.
It is of high importance that you reset your 2FA settings, you can read more about this here: LiteBit 2FA.
We understand that the recent problems at LiteBit and our supplier have damaged your trust in oour organization. We want to show our deepest remorse. We have already taken measures and we will keep improving and expanding on these measures in the future in home to regain trust your trust. We have reported this incident to the police and the Dutch Data Protection Authority.