Bitcoin ATM Company Coin Cloud Suffers Massive Data Breach, Exposing Personal Information of 300,000 Customers
In an era where digital currencies are becoming the norm, the security of these digital assets and their associated data has never been more critical. The latest victim in a series of cyber-attacks targeting cryptocurrency platforms is Coin Cloud, a renowned Bitcoin ATM company. This breach, first brought to light by the pseudonymous cybersecurity account Vx-underground on X (previously known as Twitter), marks a significant escalation in the cyber warfare waged against the crypto industry.
The magnitude of this breach is alarming: approximately 300,000 customers’ personal data have been compromised. The anonymous group of hackers behind this intrusion did not stop at merely acquiring basic personal information. They claim to have obtained intricate details such as customers’ occupations, physical addresses, social security numbers, and even 70,000 customer selfie verification data. This comprehensive data heist includes sensitive information about United States residents as well as users from Brazil.
An unknown Threat Actor(s) claim to have compromised Coin Cloud.
They allege to have exfiltrated 70,000 customer selfies (via ATM cameras), and 300,000 customers PII which includes Social Security Number, Date of Birth, First Name, Last Name, e-mail address, Telephone Number,… pic.twitter.com/TJ7RUK18Yq
— vx-underground (@vxunderground) November 12, 2023
The hackers reportedly accessed the source code for Coin Cloud’s back end. This aspect of the attack is particularly concerning as it may suggest potential vulnerabilities in the system that could be exploited further, not just in the stolen data but in the very architecture of Coin Cloud’s digital infrastructure.
At the time of writing, an official statement from Coin Cloud regarding the hack remains pending.
The timing of this breach is particularly noteworthy. Coin Cloud filed for bankruptcy in February following a tumultuous period marked by “business difficulties and legal problems.” This culminated in a staggering loss of $40 million over the first nine months of 2022, as revealed by the company’s former CEO to the Wall Street Journal. The bankruptcy and the data breach could be coincidental, but their proximity in timing raises questions about the company’s overall cybersecurity posture and the challenges it faces in a rapidly evolving digital landscape.
