In the worst case scenario, there has been a breach or a leak. As we remember, even if a villain gains access to your account and decides to withdraw your funds,
a) You have to confirm the withdrawal in an email Coinpot.co sends you within 60 minutes after initiating the transaction. Otherwise, the transaction will not go through. …if you are using the same password for both Coinpot and your email address… Oh, well.
b) In the log of your Coinpot account you can see unsuccessful login attempts, if there are any.
c) For a few hours after you initiate a withdrawal, the request remains “pending” and has to presumably, be approved manually by Coinpot.co. Which gives you some extra time to react.
“CoinPot has NOT been hacked – your data/earnings are safe!
Posted: 2018-03-08 08:00 UTC
We have been made aware that there are some posts on forums etc suggesting that CoinPot has been hacked. We have fully investigated this and can confirm that there has been no breach of our systems. All of your private and sensitive information (i.e. passwords) are securely hashed before being safely stored in our databases so it is impossible for us or anyone else to read these, even if we were ever hacked in the future. We follow all industry best-practices to ensure the highest level of security.
The main part of the problem is that many users continue to use the same sign-in credentials (i.e. email/password) on multiple sites. Therefore when one of these other sites is hacked or leaks password data this can then also be used to sign in to CoinPot. This is what we believe has happened in this case. All accounts that we know to be affected by this have now been locked to prevent unathorised access – users will need to reset their password in this case”.
What actually happened: some login details were stolen, leaked, or acquired otherwise. A individual appeared in a chatroom and offered the list to the general public. Some have tried and, indeed, have gained access to another person’s account.
So… View this as a warning bell, change your password to something difficult to guess, set up 2FA and your funds will be safer than in Fort Knox.
…to be continued.