SealsWithClubs, an online poker website that deals in the virtual currency Bitcoin has been hacked, according to technical media reports emanating from the United States. The reports claim that the credentials of 42,000 users have been obtained by the attackers.
In a statement posted on its website, SealsWithClubs revealed that the data centre it used until November this year was breached, resulting in the user database becoming compromised.
The company claims that passwords were salted and hashed, but users are in any case advised to change their passwords next time they log in.
“Please do so at your earliest opportunity. If your Seals password was used for any other purpose you should reset those passwords too as a precaution,” the poker site’s representatives said.
The passwords were hashed using the SHA1 algorithm, reports Ars Technica, which advises that it has found forum posts in which one user was asking for help with cracking 42,000 salted SHA1 passwords.
“The individual who started the thread is offering $20 in Bitcoins for every 1,000 cracked passwords,” Ars Technica reported.
“Thousands of them have already been cracked. The first 1,000 were obtained less than 10 minutes after the archive containing the hashes and salts was made available.”
The management at SealsWithClubs says that it’s planning the introduction of additional security measures in the near future. Two-factor authentication has already been rolled out, but users will also be able to lock the withdrawal address, lock the transfer feature, and access the account only from certain IP addresses.
Several hours ago, the poker website announced on Twitter that transfers had been disabled, and that it has notified customers that cashouts and support emails would be slower than usual.