It has been reported by Troy Hunt, the security researcher who provides the “Have I Been Pwned” free breach notification service, that 1.4 million passwords and personal information of customers of GateHub, a cryptocurrency wallet service provider, and 800,000 customers of EpicBot gaming bot provider RuneScape are for sale on the web.
According to Hunt, that personal information includes email addresses and passwords that were cryptographically hashed with bcrypt, as well as two-factor authentication keys, mnemonic phrases, wallet hashes, user names and IP addresses.
Security researchers are suggesting that users of these two services change their passwords as soon as possible, replace mnemonic phrases, change passwords of any other sites where the same password may have been used, and be wary of spear-phishing attacks.