Last week, the currency data provider Open Exchange Rates
Open Exchange Rates provides an API that allows its customers to obtain real-time and historical exchange rates for over 200 world currencies. The APT is used by several companies, including Shopify, Coinbase, and Kickstarter.
The company discovered the security breach while investigating a network issue that caused delays in its services.
The investigation revealed that an unauthorized user had gained access to their network and a database that contained the user data.
“Upon further examination, we determined that the unauthorised user appeared to have initially gained access on 9 February 2020, and could have gained access to a database in which we store user data.” reads the data breach notification. “Whilst our investigations are ongoing, we have also found evidence indicating that information contained in this database is likely to have been extracted from our network.”
In response to the incident, Open Exchange Rates
Open Exchange Rates recommends users to generate new API IDs using the account dashboard to access the service.
The security breach took place on February 9, 2020, and lasted
The security breach exposed name, email addresses, encrypted/hashed passwords, IP addresses, App IDs (32-character strings used to make requests to our service) associated with users’ accounts, personal and/or business names and addresses for some users, country of residence (if provided, website address (if provided).
Stolen data could be used by threat actors to target organizations with spear-