The private data of 1.4 million users of the GateHub crypto wallet service have been compromised, according to security researcher Troy Hunt.
Hunt, who created a website that provides information about compromised passwords, haveibeenpwned.com, told Ars Technica that information containing cryptographically secured passwords and personal information for a total of 2.2 million users across two websites have been posted online.
In addition to the 1.4 million accounts from GateHub that were compromised, Hunt said an additional 800,000 accounts from gaming bot provider EpicBot were also breached.
The hacker who posted the GateHub dump on a hacking forum said it included two-factor authentication keys, mnemonic phrases, and wallet hashes. GateHub officials, however, suggest that wallet hashes were not obtained, according to Ars Technica.
Hunt took a representative sample of accounts from online databases, and said that all emails he checked were registered to accounts from the sites.
GateHub had been previously hacked in June, when 18,473 encrypted user accounts were accessed by hackers. Hackers targeted things like email addresses, hashed passwords, and encrypted XRP ledger wallets secret keys.
GateHub’s previous hack resulted in the loss of almost $10 million. At the time, GateHub sent out a phishing warning about malicious emails that instructed users to move funds to a hosted wallet created by GateHub.
A report by GateHub community member Thomas Silkjær in June said that the hack wasn’t a phishing attack or a breach of client accounts. Instead, Silkjær suggested it may have been a leak of information from an old database.
Whether the June hack is related to the recent data dump is currently unknown, as is its origin.