cex.io emails database went to spammers

I went over my spam folder on gmail and found out that there are couple of emails with the same subject line, both email addresses used on one and only website – cex.io (I know that for sure, as I use catch all on multiple domains, all forwarded to my main gmail account), keeping in mind that history repeats itself and mtgox had some security problems, I was surprised to see that spam body contained  a message promoting a forum filled up with credit card database trading threads, ‘unbelievably’ cheap hot selling merchandise with strictly non-refundable and mostly anonymous methods of payment and ‘hax0rz’ style design.

I’m sure that cex.io email database was leaked, it could be a result of actual attack or maybe an employee, abusing access to database dumped the whole thing, as they have enough sources of income. In between writing these lines I ran a google search and realized that those are not news, that people assume that cex.io themselves are selling the db to spammers and it couldn’t be true, ghash.io is the biggest mining pool on the interwebs, so they have stable income for sure, also, reputation is more important than couple of grand just once.

In other words, if you use cex.io for trading or ghash.io (they are the same company) – you’re screwed and will probably lose your coins.

Be safe, use two factors or notifications to stay on the healthy side.