A US Bitcoin ATM operator, Byte Federal, recently disclosed a cyber incident. The incident was caused by a GitLab vulnerability and led to the exposure of 58,000 users.
Byte Federal became aware of the unauthorized access on November 18 and shut down the platform to contain the malicious actor. According to Byte Federal, there was no evidence that personal data had been compromised, or that assets or user funds had been lost. However, the following user data was subject to the attempted unauthorized access:
- Names
- Birth dates
- Address
- Phone number
- E-mail address
- Transaction activity
- Government identification
- Social security number
- User photographs
Roger Grimes, data-driven defense evangelist at KnowBe4, comments: “It seems that Byte Federal does all the good things in response to this security violation. Other companies should take note of it. My biggest concern would be a user's funds or private keys, but that does not seem to have happened, and it is a good thing. However, the information to which the attacker had access could easily be used in sophisticated spear phishing attacks using themes related to crypto. It is really the only remaining concern. Byte Federal customers must understand that some attackers intent on stealing their cryptographic value could use the information learned against them in sophisticated phishing attacks, and act accordingly.”