Coinhive said no account information was leaked, and its web and database servers were not accessed.
“The cause of this incident was an unsecured password for our Cloudflare account that was probably leaked with the Kickstarter data breach back in 2014,” said Coinhive
“We have learned hard lessons about security and used 2FA and unique passwords with all services since, but we neglected to update our years-old Cloudflare account.”
Coinhive apologised for the oversight and said it is looking at ways to reimburse users who lost revenue.
“Our current plan is to credit all sites with an additional 12 hours of their the daily average hashrate.”
Join us on Telegram