Coin Cloud Prevents Second Data Breach in a Year

Coin Cloud Prevents Second Data Breach in a Year

By

1 day agoMon Dec 16 2024 09:55:24

Low angle view of a towering modern skyscraper with glass windows reflecting clouds against a dramatic sky.
Photo: Pixabay / Pexels

Coin-Cloud-Prevents-Second-Data-Breach-in-a-Year

Reading Time: 2 minutes

AdvertisementDon't Outlive Your Benefits — Long-Term Care insurance with unlimited LTC funds for as long as you live. Call 1-800-317-0625
  • Defuncy crypto ATM company Coin Cloud has prevented a second hack within a year
  • Hackers tried to steal the personal data of tens of thousands of former customers
  • Coin Cloud suffered a major data breach last year, which saw 300,000 customers’ data stolen

Bankrupt crypto ATM operator Coin Cloud has prevented a second devastating hack in a year after someone tried to steal the personal data of 58,000 former customers. A filing with the Maine Attorney General reveals that Coin Cloud, which filed for bankruptcy in February 2023, suffered the breach on 30 September, informing customers just last week. In 2023, the sensitive personal information of about 300,000 customers across the United States and Brazil was stolen, including dates of birth and customer photographs.

AdvertisementDon't Outlive Your Benefits — Long-Term Care insurance with unlimited LTC funds for as long as you live. Call 1-800-317-0625

Coin Cloud Prevents a Repeat

Coin Cloud filed for bankruptcy in February 2023 at the height of the crypto winter, a move which left security experts concerned about the personal data held on its servers. Their concerns were proved correct last November when cybersecurity collective vx-underground revealed that hackers had claimed to have stolen 70,000 pictures of customers taken from cameras embedded in the ATMs, as well as the personal data of 300,000 customers, including full names, email addresses, telephone numbers, physical addresses, Social Security numbers, and dates of birth.

In addition to personal data, the attackers claimed to have obtained the source code for Coin Cloud’s backend systems, potentially exposing the company’s internal operations and security mechanisms. Coin Cloud never publicly acknowledged how the hackers accessed their systems, leading to further concerns that a repeat could occur, which it very nearly did.

A low-angle shot of modern skyscrapers with reflections in glass windows against a cloudy sky.
Photo: Pixabay / Pexels

New Hack Targeted 58,000 Customers

The new hack took place in September, with Coin Cloud filing a notice with the Maine Attorney General on 18 November. It sent a letter to all those affected last week, in which it revealed that hackers “gained unauthorized access to one of our servers by exploiting a vulnerability in software provided by a third party.” According to contract auditors at crypto cybersecurity firm Hacken Ataberk Yavuzer and Olesia Bilenka, the incident occurred due to an “unpatched or outdated GitLab system,” adding that “inadequate server segmentation” could have allowed attackers to access sensitive customer data.

AdvertisementDon't Outlive Your Benefits — Long-Term Care insurance with unlimited LTC funds for as long as you live. Call 1-800-317-0625

This time around, however, Coin Cloud managed to prevent more damage:

Upon discovery of the incident, our team immediately shut down our platform, isolated the bad actor, and secured the compromised server. We also made immediate enhancements to our systems, security, and practices.

AdvertisementDon't Outlive Your Benefits — Long-Term Care insurance with unlimited LTC funds for as long as you live. Call 1-800-317-0625

Despite no data being stolen this time round, Coin Cloud is still advising customers to take the following steps:

  • Monitor their financial accounts for any unusual activity
  • Consider placing fraud alerts or credit freezes with major credit bureaus
  • Be vigilant for phishing attempts or suspicious communications
  • Consult with identity theft protection services for further assistance

This incident underscores the critical importance of robust cybersecurity measures, especially for companies handling sensitive personal and financial data. It also highlights the potential long-term risks associated with data breaches, as information can remain vulnerable even after a company’s operations have ceased.

Read More

Join the conversation

Your email address will not be published. Be respectful — keep it constructive.

AdvertisementDon't Outlive Your Benefits — Long-Term Care insurance with unlimited LTC funds for as long as you live. Call 1-800-317-0625
AdvertisementDon't Outlive Your Benefits — Long-Term Care insurance with unlimited LTC funds for as long as you live. Call 1-800-317-0625