It was reported yesterday that Coinmama, an exchange with 1.3 million active users across the globe, had suffered a security breach that same day. The breach resulted in the theft of 450,000 email address and hashed password combinations. It was part of a broader attack which hit twenty-four websites.
“Give the people what they want,” said Richard Gardner, CEO of Modulus, a US-based developer of ultra-high-performance exchange technology. “The problem is that, while these breaches hit the press, the investor and customer kickback hasn’t been strong enough. How do we know? If consumers scrutinized security procedures thoroughly, companies would spend more resources in that arena. While this attack was not exclusive to the crypto-community, it is time that exchanges adopt a ‘security first’ mantra.”
Coffee Meets Bagel, a dating app of Shark Tank fame, and MyFitnessPal were also hit with similar attacks. According to reports, the hacker(s) infiltrated databases, most of which were running PostgreSQL. It isn’t certain whether the hacker(s) identified a new vulnerability or whether these companies failed to patch a previously known one.
“Some are asking, if there were no assets stolen, why is this important? In terms of dollars and cents, it’s important because wallets which fail to use two-factor authorization could have seen unauthorized withdrawals. One of the lessons from this debacle is that two-factor authorization is an easy way to enhance your security apparatus. That’s low-hanging fruit,” explained Gardner, an expert in cybersecurity.
Modulus is known throughout the financial technology segment as a leader in the development of high-frequency trading systems and exchanges. Over the past twenty years, the company has built a client list which includes Goldman Sachs, Merrill Lynch, JP Morgan Chase, Bank of America, Barclays, NASA, Siemens, Shell, Yahoo!, Microsoft, Cornell University, and the University of Chicago.
“Modulus has always found it important to have this conversation. The industry, as a whole, needs to come together and agree to a set of security standards that protect the public at large. Eventually, governments will provide a regulatory environment that is conducive to creating an industry-wide handbook. But, until then, it’s up to us,” noted Gardner.