Coinhive’s DNS Hack Was Due To Password Reuse

By   ISBuzz Team
Writer , Information Security Buzz | Oct 30, 2017 06:15 am PST

News broke yesterday morning that an unknown hacker hijacked Coinhive’s DNS server and replaced the legitimate Coinhive JavaScript in-browser miner with a malicious version that mined Monero for the hacker’s own wallet. Helming, Director of Product Management at DomainTools commented below.

Helming, Director of Product Management at DomainTools

tim helming“This incident illustrates perfectly how DNS credentials are, in many cases, the keys to the kingdom. Whoever owns DNS (legitimately or maliciously) owns the domain and its contents. It also underscores the dangers inherent in both data breaches, and poor password practices. Coinhive have suggested this incident was likely as a result of the Cloudfare data breach in 2014, and their failure to update the account in question after the fact. While data breaches are something of a fact of like in the current cyber-world, a company such as Coinhive should have had two-factor authentication in order to limit the damage to purely a data incident. The fact that this incident allowed the hacker in question to mine Monero means that Coinhive have had to learn some relatively simple lessons, the hard way.”