On the night of October 24, unknown hackers hacked the Coinhive Miner's DNS server and redirected the production of crypto-currency to their own server. As reported by the Coinhive official blog, the hackers took advantage of the old password from Cloudflare, which was stolen from Kickstarter back in 2014.
Within six hours hackers mined the Monero cryptocurrency through thousands of computers of its victims around the world. The amount of damage to Coinhive users is not reported.
At the same time, the company reported that hackers did not have access to servers with databases and could not steal personal data.
We have learned hard lessons about security and used 2FA and unique passwords with all services since, but we neglected to update our years old Cloudflare account.
We're deeply sorry about this severe oversight.
Now the company is looking for opportunities to recover damages to its customers. In particular, it is planned to provide users with an additional 12 hours of using the service.