[2015-07-23] Customer Data Leaked in Possible Bitcoin Vendor Breach

[klarki]

A UK bitcoin vendor may have suffered a security breach, temporarily exposing customer data to the public.

Visitors to the website for CoinCut, based in London, were able to access directories that included images of passports, credit and debit cards and personal IDs. The site was taken offline, and it is unclear how long the information was publicly available.

CoinCut representative Dax Chan said
 that the team is "treating this as malicious", adding that further investigation is taking place at this time.

He explained:

"We're trying to figure out how that particular directory was made visible to the world – and how the problem leaked out so promptly given that we're a moderately small bitcoin vendor in the grand scheme of things."

As credit and debit card information was publicly viewable, CoinCut customers should monitor card activity for suspicious transactions.

The leak of personal information could also potentially raise the risk of identity fraud for those affected.

CoinDesk will continue monitoring this developing story.

Security lock image via Shutterstock

Source: http://www.coindesk.com/customer-data-leaked-in-possible-bitcoin-vendor-breach/

[jdebunt]

Another lengthy article about what happened, typical Coindesk style as of late.....But even so, this is not good news. Time for ID verification over the blockchain rather than submitting documents!

[Kprawn]

This must be made clear... It's in no way Bitcoins fault. It's a vulnerability that was exploited on a vendor's website. We do not blame credit card companies when a porn site gets hacked and the credit card

details of 1000's of people get leaked. {Well we should, because the credit card system sux}

The Bitcoin protocol is still running fine, even though the website was hacked. It's just a good example where information gets hacked, where a centralized model is used to store it.

The thing that did fail here, was the regulations forcing vendors to collect this data, and the vendor not keeping that information safe.   

[jdebunt]

This must be made clear... It's in no way Bitcoins fault. It's a vulnerability that was exploited on a vendor's website. We do not blame credit card companies when a porn site gets hacked and the credit card

details of 1000's of people get leaked. {Well we should, because the credit card system sux}

The Bitcoin protocol is still running fine, even though the website was hacked. It's just a good example where information gets hacked, where a centralized model is used to store it.

The thing that did fail here, was the regulations forcing vendors to collect this data, and the vendor not keeping that information safe.   

Absolutely, it's time to throw out these old systems of "send us your docs and we will store them for you"