Security Affairs
Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Open Exchange Rates discloses a security breach

Last week, Open Exchange Rates disclosed a data breach that exposed the personal information and hashed passwords for customers of its API service. Last week, the currency data provider Open Exchange Rates has disclosed a data breach that exposed the personal information and salted and hashed passwords for customers of its API service. Open Exchange […]

open exchange rates breach notification

Last week, Open Exchange Rates disclosed a data breach that exposed the personal information and hashed passwords for customers of its API service.

Last week, the currency data provider Open Exchange Rates has disclosed a data breach that exposed the personal information and salted and hashed passwords for customers of its API service.

Open Exchange Rates provides an API that allows its customers to obtain real-time and historical exchange rates for over 200 world currencies. The APT is used by several companies, including Shopify, Coinbase, and Kickstarter.

The company discovered the security breach while investigating a network issue that caused delays in its services.

The investigation revealed that an unauthorized user had gained access to their network and a database that contained the user data.

“Upon further examination, we determined that the unauthorised user appeared to have initially gained access on 9 February 2020, and could have gained access to a database in which we store user data.” reads the data breach notification. “Whilst our investigations are ongoing, we have also found evidence indicating that information contained in this database is likely to have been extracted from our network.”

https://twitter.com/SylvieLorxu/status/1238149687200358401

In response to the incident, Open Exchange Rates has forced a password reset for all accounts created before March 2, 2020.

Open Exchange Rates recommends users to generate new API IDs using the account dashboard to access the service.

The security breach took place on February 9, 2020, and lasted since March 2, 2020, the company is aware that the unauthorized users might have extracted data from its systems due to a network misconfiguration.

The security breach exposed name, email addresses, encrypted/hashed passwords, IP addresses, App IDs (32-character strings used to make requests to our service) associated with users’ accounts, personal and/or business names and addresses for some users, country of residence (if provided, website address (if provided).

Stolen data could be used by threat actors to target organizations with spear-phishing campaigns.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – data breach, cybercrime)

[adrotate banner=”5″]

[adrotate banner=”13″]