World’s largest Bitcoin poker website 'SealsWithClubs' has been compromised and around 42,000 users' credentials are at risk.
Seals With Club has issued a Mandatory Password Reset warning to their users, according to a statement published on the website.
The service admitted their database had been compromised and revealed that the data center used until November was breached, resulting 42,020 hashed password theft.
"Passwords were salted and hashed per user, but to be safe every user MUST change their password when they next log in. Please do so at your earliest opportunity. If your Seals password was used for any other purpose you should reset those passwords too as a precaution." and "Transfers may be disabled for a short period of time.".
Seals With Clubs used SHA1 hash functions to encrypt the passwords, but SHA1 is outdated and easy to crack if not salted.
'StacyM', a user then posted the hashed passwords on a web forum operated by commercial password cracking software 'InsidePro' and asked for them to be cracked for $20 in bitcoins per 1000 unique passwords. 2/3rd on the list were cracked by the next day and some cracked passwords are “bitcoin1000000”, “sealswithclubs”, “88seals88” and “pokerseals”.
The site also mentioned that they are working to improve security of the website and would implement additional security measures, including two-factor authentication and login from a limited number of IP addresses.