We at KickEX have always focused on security, and it has always been one of our top priorities. During the night of August 12–13, attackers used the authentication data of some of our users from publicly available databases of third-party services. They tried to hijack exchange users accounts by brute forcing passwords and withdraw funds from them.
The KickEX security service promptly detected and stopped the fraud attempts. Unfortunately, a few users lost their money for about $12 in total, because they didn’t have two-factor authentication (2FA) enabled. As this dangerous activity was continuing for some time, we made a decision to block those accounts without two-factor authentication. That allowed us to prevent the further fraudulent actions against our users. To regain access to such an account, the user will only need to change their password.
Password recovery instructions:
1. Click on “Forgot your password?” in the tab that opens, enter your email address, to which the account is registered on our platform. Then click the “Proceed” button.
2. If a captcha appears, enter the characters shown in the picture into the text field. Then click “Proceed”.
3. A message will show up informing you that an email has been sent to you with instructions. Check your email address.
4. In your mailbox, find the email notifying you to reset your password (with the subject line “Kick Ecosystem password change request”) and click “Reset your password”. If you don’t see this email in your inbox, please be sure to check your Spam and Unwanted Messages folders.
5. Click the link and you will be invited to enter a new unique password and its confirmation in the relevant field. Then click on the “Renew password” button.
6. After receiving confirmation that your password has been successfully changed, proceed to the regular login and password check by clicking the “Sign in” button.
Due to the incident, as well as due to more frequent hacking of crypto-exchanges and distribution of databases with stolen passwords, we strongly recommend you to follow the simple rules below. This way you will secure your account and your funds as much as possible.
Security recommendations for your passwords:
- Enable two-factor authentication (2FA) in the “Security” section in your account settings;
- Choose different passwords for each service (one for email, another for the one exchange, different — for other exchange etc);
- Change your passwords on a regular basis;
- Use only strong and complex passwords;
- Keep passwords in a secure place;
- Do NOT use password autosave option in the browser;
- Do NOT create hints for your passwords;
- Do NOT send passwords to yourself by e-mail;
- Check whether your data has ever been leaked here;
- Beware of phishing links and malware;
- Think about your phone security (use pin-code and TouchID);
- Install antivirus software.
If you receive an e-mail about a new login from an IP-address that is obviously not yours, freeze your account as soon as possible using the relevant link from the same email and report the suspicious activity to our support team at firstname.lastname@example.org
Stay safe with KickEX!