While no user funds were stolen, this breach could still threaten users if the threat actor managed to crack the hashed passwords, which is more likely if any users chose passwords using names, words, or reused passwords leaked from other websites. It is recommended that everyone using the exchange change their password as a precaution. Furthermore, users should enable Multi-Factor Authentication (MFA). MFA stops an attacker from just logging into accounts as they would need the secondary code to complete authentication. When setting MFA up, a trusted authenticator application should be used instead of having SMS messages sent to phones as attackers could manage to take over a phone number to steal SMS text messages with codes. KeepChange took the security precautions a step further, suspending trading until Thursday, February 11 to allow time for people to change their passwords and enabling a security feature named Login Guard, which sends a verification email to users when they are trying to login. Though Login Guard may seem substantial enough, people should still look into enabling other MFA on their accounts. As always, passwords should not be re-used across different accounts to prevent attackers from stealing passwords and attempting to login to other accounts associated with the breached email.
More can be read here: https://www.zdnet.com/article/keepchange-said-it-stopped-hackers-from-stealing-user-funds-but-not-personal-data/