On October 24, the Coinhive team announced that their account for their DNS provider was accessed by a malicious actor on October 23. Hackers hijacked Coinhive’s DNS records and modified them to redirect requests for coinhive.min.js to another server.
The company has apologized for the incident, which was reportedly caused by a weak password that was probably leaked in the 2014 Kickstarter breach—of course, this is not the first time reused passwords has caused problems. Coinhive mentions that they are actually using 2FA and unique passwords, but neglected to update their older account with their DNS provider.
The announcement emphasized that no account information was leaked and the company's web and database servers were not accessed. The company plans to reimburse users by crediting all sites with an additional 12 hours of their daily average hashrate.
This incident highlights the importance of proper online account security. Using complex and unique passwords is a must, and enterprises must take advantage of all security features their service provider offers. Here are some other tips:
Like it? Add this infographic to your site:
1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.