Liquid, one of today's top 20 cryptocurrency exchange portals, has disclosed a security breach on Wednesday.
In a blog post on its website, the company said that last week, on Friday, November 13, a hacker managed to breach employee email accounts and pivot to its internal network.
The company said it detected the intrusion before the hacker stole any funds, but a subsequent investigation revealed that the attacker was able to collect personal information from Liquid's database that stored user details. Stolen information included real name, home address, emails, and encrypted passwords.
Liquid CEO Mike Kayamori said the company is still investigating if the intruder was able to steal proofs-of-identity that all users must provide when making their first transaction on the platform.
"We do not believe there is an immediate threat to your account due to our use of strong password encryption. Nevertheless, we recommend that all Liquid customers change their password and 2FA credentials at the earliest convenience," Kayamori said.