Open Exchange Rates

Open Exchange Rates, also known as OXR, operates as a provider of financial data services. Its core offering involves delivering foreign exchange rate information through application programming interfaces (APIs). These services cater to businesses and developers requiring reliable and accessible currency exchange data for integration into their own applications, websites, or financial systems. The company facilitates access to current and historical exchange rates for various global currencies. Its customer base includes organizations utilizing its API to power financial features or track currency fluctuations.

A significant incident impacting Open Exchange Rates occurred on February 9, 2020. An unauthorized actor successfully breached the company's systems by exploiting a network misconfiguration, resulting in prolonged unauthorized access. This breach potentially led to the extraction of sensitive customer data. The compromised information encompassed registered user names, email addresses, and passwords stored in a salted and hashed format. Additionally, IP login histories, active API keys, and optional details provided by users, such as physical addresses and website URLs, were exposed. The incident had broader implications because the exposed API credentials were used by prominent organizations, elevating risks including potential misuse of those services and targeted phishing campaigns against affected users. In response, Open Exchange Rates disabled all legacy account passwords and strongly advised its customers to regenerate their API keys as essential security measures following the breach.