The online service provider Open Exchange Rates announced this week that they have suffered a data breach. Open Exchange Rates provides a service used by a number of large companies that allows them to look up currency exchange rates. The breach exposed the personal information and salted and hashed passwords for the customers of their API service. Open Exchange Rates was investigating a network misconfiguration when they discovered the unauthorized access of their network and database. It was determined that the hacker had gained unauthorized access from February 9th to March 2nd of this year. Open Exchange Rates has since disabled the passwords on all accounts forcing users to create new passwords immediately.
Along with changing passwords for Open Exchange Rates accounts it is important to also change passwords for any accounts on other services that used the same or similar passwords. It is recommended to never use the same password for more than one account because data breaches at one service provider create opportunities for attackers to attempt to compromise many online service accounts using the same passwords. The compromise of email accounts along with the personal data opens victims up to increased chances of phishing attempts and criminal schemes. Open Exchange Rates is also encouraging users to generate new API IDs prior to accessing their service. More information on this incident can be found here: https://www.bleepingcomputer.com/news/security/open-exchange-rates-data-breach-affects-users-of-well-known-orgs/