Last week, the currency data provider Open Exchange Rates
Open Exchange Rates provides an API that allows its customers to obtain real-time and historical exchange rates for over 200 world currencies. The APT is used by several companies, including Shopify, Coinbase, and Kickstarter.
The company discovered the security breach while investigating a network issue that caused delays in its services.
The investigation revealed that an unauthorized user had gained access to their network and a database that contained the user data.
“Upon further examination, we determined that the unauthorised user appeared to have initially gained access on 9 February 2020, and could have gained access to a database in which we store user data.” reads the data breach notification. “Whilst our investigations are ongoing, we have also found evidence indicating that information contained in this database is likely to have been extracted from our network.”
In response to the incident, Open Exchange Rates
Open Exchange Rates recommends users to generate new API IDs using the account dashboard to access the service.
The security breach took place on February 9, 2020, and lasted
The security breach exposed name, email addresses, encrypted/hashed passwords, IP addresses, App IDs (32-character strings used to make requests to our service) associated with users’ accounts, personal and/or business names and addresses for some users, country of residence (if provided, website address (if provided).
Stolen data could be used by threat actors to target organizations with spear-
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.