Bitcoin Forum
October 28, 2020, 08:00:31 PM *
News: Latest Bitcoin Core release: 0.20.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1] 2 3 »  All
  Print  
Author Topic: Hacker Stole 1,000 Traders’ Personal Data From CryptoTrader.Tax  (Read 329 times)
spike420211
Sr. Member
****
Offline Offline

Activity: 1568
Merit: 371



View Profile
August 25, 2020, 10:54:04 AM
Merited by DdmrDdmr (2), vapourminer (1)
 #1

A hacker has stolen data on more than 1,000 users from CryptoTrader.Tax, an online service used to calculate and file taxes on cryptocurrency trades.

The hacker broke into a CryptoTrader.Tax marketing and customer service employee’s account on a support center platform, according to a source who came across the hacker on a dark web forum. With this access, the hacker could see customers’ names, email addresses, payment processor profiles and messages sometimes containing cryptocurrency incomes.

The hacker then screengrabbed samples of this sensitive information, posted them on the forum to entice potential buyers of the data trove and sent additional pictures to the source, who shared this evidence with CoinDesk.

David Kemmerer, a co-founder and the chief executive of CryptoTrader.Tax, confirmed to CoinDesk that a hacker gained unauthorized access on April 7 to the marketing and customer service employee’s account. The hacker was able to see support center details in the materials and downloaded a file containing 13,000 rows of information, including 1,082 unique email addresses, Kemmerer said.

CryptoTrader.Tax’s security team investigated the breach and found tax filing account passwords and CryptoTrader.Tax’s website were not compromised, Kemmerer said. The team then alerted parties affected by the breach and took steps to improve security measures and monitoring systems across internal and third-party applications, Kemmerer said.

https://www.coindesk.com/hacker-cryptotrader-tax

                     █████
                    ██████
                   ██████
                  ██████
                 ██████
                ██████
               ██████
              ██████
             ██████
            ██████
           ██████
          ██████
         ██████
        ██████    ██████████████████▄
       ██████     ███████████████████
      ██████                   █████
     ██████                   █████
    ██████                   █████
   ██████                   █████
  ██████
 ███████████████████████████████████
██████████████████████████████████████
 ████████████████████████████████████

                      █████
                     ██████
                    ██████
                   ██████
                  ██████
                 ████████████████████
                 ▀██████████████████▀
LATTICE - A New Paradigm of Decentralized Finance
PRESALE
ONGOING
 

                   ▄▄████
              ▄▄████████▌
         ▄▄█████████▀███
    ▄▄██████████▀▀ ▄███▌
▄████████████▀▀  ▄█████
▀▀▀███████▀   ▄███████▌
      ██    ▄█████████
       █  ▄██████████▌
       █  ███████████
       █ ██▀ ▀██████▌
       ██▀     ▀████
                 ▀█▌
 

             ▄████▄▄   ▄
█▄          ██████████▀▄
███        ███████████▀
▐████▄     ██████████▌
▄▄██████▄▄▄▄█████████▌
▀████████████████████
  ▀█████████████████
  ▄▄███████████████
   ▀█████████████▀
    ▄▄█████████▀
▀▀██████████▀
    ▀▀▀▀▀
1603915231
Hero Member
*
Offline Offline

Posts: 1603915231

View Profile Personal Message (Offline)

Ignore
1603915231
Reply with quote  #2

1603915231
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1603915231
Hero Member
*
Offline Offline

Posts: 1603915231

View Profile Personal Message (Offline)

Ignore
1603915231
Reply with quote  #2

1603915231
Report to moderator
1603915231
Hero Member
*
Offline Offline

Posts: 1603915231

View Profile Personal Message (Offline)

Ignore
1603915231
Reply with quote  #2

1603915231
Report to moderator
1603915231
Hero Member
*
Offline Offline

Posts: 1603915231

View Profile Personal Message (Offline)

Ignore
1603915231
Reply with quote  #2

1603915231
Report to moderator
Sanitough
Hero Member
*****
Offline Offline

Activity: 1568
Merit: 605



View Profile
August 25, 2020, 11:02:36 AM
 #2

CryptoTrader.Tax’s security team investigated the breach and found tax filing account passwords and CryptoTrader.Tax’s website were not compromised,
Kemmerer said.
How do they conclude that when the hacker successfully stole data from the website?

The team then alerted parties affected by the breach and took steps to improve security measures and monitoring systems across internal and third-party applications, Kemmerer said.

https://www.coindesk.com/hacker-cryptotrader-tax


They should improve the security measures, and investigate how this happened. Also, they have to be investigated as well if there is an inside job within the company as their information is vital, and it could put the lives of their clients at risk.

           ▄███
         ▄███▀
       ▄███▀     ▄
     ▄███▀      ███▄
   ▄███▀         ▀███▄
 ▄███▀             ▀███▄
▐██▀  ▄███▄   ▄███▄  ▀██▌
▐██▄  █████   █████  ▄██▌
 ▀███▄ ▀▀▀     ▀▀▀ ▄███▀
   ▀███▄         ▄███▀
     ▀███▄     ▄███▀
       ▀███▄▄▄███▀
         ▀█████▀
.
...BITSLER...
███████████████████████████
███████████████████████████
████████▀▀▄▄  ▄▄▄▀▀████████
██████▀▄▄      ▀███▄▀██████
█████ ██       ▄▄▄▀▀▀ █████
████ ██▀▄▄▄▄  ██████   ████
████ ▀▄██████ ███████  ████
████   ███████ ▀▀██▀▄█ ████
█████   ▀▀██▀      ██ █████
██████▄▀██▄▄       ▀▄██████
████████▄▄▀▀▀  ▀▀▄▄████████
███████████████████████████
███████████████████████████
███████████████████████████
███████████████████████████
████████▀▀▄▄▄▄▄ ▄▀▀████████
██████▀▄█████▀▄████▄▀██████
█████ ███▀▀▄▄██████▀▄ █████
████ ███ ██████████ ██ ████
████ ███ █████████ ███ ████
████ ███ ████████▀▄███ ████
█████ ███▄▀▀██▀▀▀▄███ █████
██████▄▀████▄▄█████▀▄██████
████████▄▄▀▀▀▀▀▀▀▄▄████████
███████████████████████████
███████████████████████████
.
..SPORTSBOOK..
███████████████████████████
███████████████████████████
████████▀▀▄ ▄▄▄▄▄▀▀████████
██████▀▄██ ███▀▀▄▄▄ ▀██████
█████ █ ██ ▀▄▄███████ █████
████ ▀██ ▄██▄▀▀▀██████ ████
████ █  █▄▀█████▄▄▄▄▀▀ ████
████ ▀▄█ ██▄▀█████████ ████
█████ ██▄▀███▄▀▀█████ █████
██████▄▀█ ██████▄▄▀▀▄██████
████████▄▄ ▀▀▀▀▀▀▄▄████████
███████████████████████████
███████████████████████████
███████████████████████████
███████████████████████████
███████████  ██████████████
█████████▀       ▄▄▄▄██████
████████▀      ▄███████████
████████     ▐█████████████
████████▌    ██████████████
████████      █████████████
███████▀  ██  ▐████████████
███████  ███▌ ▐████████████
██████▌ ████▌ ▀████████████
███████████████████████████
███████████████████████████
.
....PLAY NOW....
           ▄███
         ▄███▀
       ▄███▀     ▄
     ▄███▀      ███▄
   ▄███▀         ▀███▄
 ▄███▀             ▀███▄
▐██▀  ▄███▄   ▄███▄  ▀██▌
▐██▄  █████   █████  ▄██▌
 ▀███▄ ▀▀▀     ▀▀▀ ▄███▀
   ▀███▄         ▄███▀
     ▀███▄     ▄███▀
       ▀███▄▄▄███▀
         ▀█████▀
ETFbitcoin
Legendary
*
Offline Offline

Activity: 1666
Merit: 2554

Use SegWit and enjoy lower fees.


View Profile WWW
August 25, 2020, 11:10:14 AM
 #3

More people now will be exposed that they own cryptocurrency and might be personally targeted.

thesmallgod
Full Member
***
Offline Offline

Activity: 1120
Merit: 124



View Profile
August 25, 2020, 11:16:48 AM
 #4

I'm just wondering how they know the other information such as the passwords are not in custody of the hacker. It is not unbelievable to see hacker stealing information but it become worrisome when they have direct access to your account. The hacker might not compromise the password by changing it but might know the passwords. This is part of the reason why people have not supporting centralized platforms

DdmrDdmr
Legendary
*
Offline Offline

Activity: 1022
Merit: 4421


There are lies, damned lies and statistics. MTwain


View Profile WWW
August 25, 2020, 12:38:06 PM
 #5

<…> How do they conclude that when the hacker successfully stole data from the website?
The article states it in the first few paragraphs:
Quote
<…> The hacker then screengrabbed samples of this sensitive information, posted them on the forum to entice potential buyers of the data trove and sent additional pictures to the source, who shared this evidence with CoinDesk. <…>
I figure that CryptoTrader.Tax had no hard time in verifying that the breach was real.

This case rings a bell (read notorious Twitter accounts used to scam recently), as the hack was allegedly performed by means of using a:
Quote
marketing and customer service employee’s account
That enabled the hacker to obtain inside information. Now how the company allowed for an external access to the system, even if the credentials were known, beats me. Nowadays, corporations can delimit external access through a range of mechanisms, which include verifying that the external device is authorised (i.e. account authorised vpn credentials + laptop authorization verification). Of course the hacker could have made the access through one of the employees devices, which would place a spotlight on who gave way for the breach to take place from his device.

pakhitheboss
Full Member
***
Offline Offline

Activity: 854
Merit: 115


Coinbene.com - Experience Fast Crypto Trading


View Profile
August 25, 2020, 02:49:01 PM
 #6

Quote
Tax marketing and customer service employee’s account on a support center platform
Sounds more like an inside job as without the proper authorization no one can access the account of an employee or the employee was a dumb.

Other reason can be that CryptoTrader do not have the highest level of security features or firewall activated in their system.

Anyways it is big dent to their reputation and trust.


stompix
Legendary
*
Offline Offline

Activity: 1596
Merit: 1790



View Profile
August 25, 2020, 03:35:25 PM
 #7

That enabled the hacker to obtain inside information. Now how the company allowed for an external access to the system, even if the credentials were known, beats me. Nowadays, corporations can delimit external access through a range of mechanisms, which include verifying that the external device is authorised (i.e. account authorised vpn credentials + laptop authorization verification). Of course the hacker could have made the access through one of the employees devices, which would place a spotlight on who gave way for the breach to take place from his device.

I don't think that their system or access to it was compromised when I read the "marketing" thing I'm assuming that accounts of one of the employees have been compromised and most of the times these guys pile data after data and sheets over sheets of info around with no real protection,  email is often used to share lists and even google drive. Somebody working on the newsletters, nobody doing a report on their target customers and there you have it.

The fact that no real sensitive information was confirmed leak makes me believe more in this hypothesis.

One thing that also struck me:
Quote
The co-founder of the platform, David Kemmerer, also confirmed the breach and detailed that the data were compromised on April 7.
I suppose they weren't planning on telling anyone about it.

This is part of the reason why people have not supporting centralized platforms

So, how do you imagine a decentralized platform for doing your taxes?  Grin





Ucy
Sr. Member
****
Offline Offline

Activity: 1386
Merit: 329



View Profile
August 25, 2020, 04:55:33 PM
 #8

Maybe if they begin to get the companies/organizations compensate the victims for such hacks, others will be too scared to have such sensitive information without proper and strongest possible security measures, and the hacks will likely stop becoming frequent.
 Losing your private data to hackers is a very dangerous thing that can happen and people hardly take this seriously.



BIG WINNER!
[15.00000000 BTC]


▄████████████████████▄
██████████████████████
██████████▀▀██████████
█████████░░░░█████████
██████████▄▄██████████
███████▀▀████▀▀███████
██████░░░░██░░░░██████
███████▄▄████▄▄███████
████▀▀████▀▀████▀▀████
███░░░░██░░░░██░░░░███
████▄▄████▄▄████▄▄████
██████████████████████
▀████████████████████▀
▄████████████████████▄
██████████████████████
█████▀▀█▀▀▀▀▀▀██▀▀████
█████░░░░░░░░░░░░░▄███
█████░░░░░░░░░░░░▄████
█████░░▄███▄░░░░██████
█████▄▄███▀░░░░▄██████
█████████░░░░░░███████
████████░░░░░░░███████
███████░░░░░░░░███████
███████▄▄▄▄▄▄▄▄███████
██████████████████████
▀████████████████████▀
▄████████████████████▄
███████████████▀▀▀▀▀▀▀
███████████▀▀▄▄█░░░░░█
█████████▀░░█████░░░░█
███████▀░░░░░████▀░░░▀
██████░░░░░░░░▀▄▄█████
█████░▄░░░░░▄██████▀▀█
████░████▄░███████░░░░
███░█████░█████████░░█
███░░░▀█░██████████░░█
███░░░░░░████▀▀██▀░░░░
███░░░░░░███░░░░░░░░░░
▀██░▄▄▄▄░████▄▄██▄░░░░
▄████████████▀▀▀▀▀▀▀██▄
█████████████░█▀▀▀█░███
██████████▀▀░█▀░░░▀█░▀▀
███████▀░▄▄█░█░░░░░█░█▄
████▀░▄▄████░▀█░░░█▀░██
███░▄████▀▀░▄░▀█░█▀░▄░▀
█▀░███▀▀▀░░███░▀█▀░███░
▀░███▀░░░░░████▄░▄████░
░███▀░░░░░░░█████████░░
░███░░░░░░░░░███████░░░
███▀░██░░░░░░▀░▄▄▄░▀░░░
███░██████▄▄░▄█████▄░▄▄
▀██░████████░███████░█▀
▄████████████████████▄
████████▀▀░░░▀▀███████
███▀▀░░░░░▄▄▄░░░░▀▀▀██
██░▀▀▄▄░░░▀▀▀░░░▄▄▀▀██
██░▄▄░░▀▀▄▄░▄▄▀▀░░░░██
██░▀▀░░░░░░█░░░░░██░██
██░░░▄▄░░░░█░██░░░░░██
██░░░▀▀░░░░█░░░░░░░░██
██░░░░░▄▄░░█░░░░░██░██
██▄░░░░▀▀░░█░██░░░░░██
█████▄▄░░░░█░░░░▄▄████
█████████▄▄█▄▄████████
▀████████████████████▀




Rainbot
Daily Quests
Faucet
Stedsm
Legendary
*
Offline Offline

Activity: 2198
Merit: 1215



View Profile
August 25, 2020, 05:57:34 PM
 #9

More people now will be exposed that they own cryptocurrency and might be personally targeted.

Isn't this something that was expected to happen when crypto was being expected to go mainstream? Come on, BTC is on TV ads, banners, almost everywhere and this is the security that these tax guys give? Just because of this security breach, 100s of customers have lost their privacy and will definitely be touched by government officials once their data gets leaked. No doubt they were already going the legal way by paying taxes, but how much tax, is what this company was going to deliver them with their work. I'm afraid we're all prone to hacks almost everywhere where no tight security is available (eg.; Casinos, gambling websites, lending websites, DeFi websites, etc.)

           ▄███
         ▄███▀
       ▄███▀     ▄
     ▄███▀      ███▄
   ▄███▀         ▀███▄
 ▄███▀             ▀███▄
▐██▀  ▄███▄   ▄███▄  ▀██▌
▐██▄  █████   █████  ▄██▌
 ▀███▄ ▀▀▀     ▀▀▀ ▄███▀
   ▀███▄         ▄███▀
     ▀███▄     ▄███▀
       ▀███▄▄▄███▀
         ▀█████▀
.
...BITSLER...
███████████████████████████
███████████████████████████
████████▀▀▄▄  ▄▄▄▀▀████████
██████▀▄▄      ▀███▄▀██████
█████ ██       ▄▄▄▀▀▀ █████
████ ██▀▄▄▄▄  ██████   ████
████ ▀▄██████ ███████  ████
████   ███████ ▀▀██▀▄█ ████
█████   ▀▀██▀      ██ █████
██████▄▀██▄▄       ▀▄██████
████████▄▄▀▀▀  ▀▀▄▄████████
███████████████████████████
███████████████████████████
███████████████████████████
███████████████████████████
████████▀▀▄▄▄▄▄ ▄▀▀████████
██████▀▄█████▀▄████▄▀██████
█████ ███▀▀▄▄██████▀▄ █████
████ ███ ██████████ ██ ████
████ ███ █████████ ███ ████
████ ███ ████████▀▄███ ████
█████ ███▄▀▀██▀▀▀▄███ █████
██████▄▀████▄▄█████▀▄██████
████████▄▄▀▀▀▀▀▀▀▄▄████████
███████████████████████████
███████████████████████████
.
..SPORTSBOOK..
███████████████████████████
███████████████████████████
████████▀▀▄ ▄▄▄▄▄▀▀████████
██████▀▄██ ███▀▀▄▄▄ ▀██████
█████ █ ██ ▀▄▄███████ █████
████ ▀██ ▄██▄▀▀▀██████ ████
████ █  █▄▀█████▄▄▄▄▀▀ ████
████ ▀▄█ ██▄▀█████████ ████
█████ ██▄▀███▄▀▀█████ █████
██████▄▀█ ██████▄▄▀▀▄██████
████████▄▄ ▀▀▀▀▀▀▄▄████████
███████████████████████████
███████████████████████████
███████████████████████████
███████████████████████████
███████████  ██████████████
█████████▀       ▄▄▄▄██████
████████▀      ▄███████████
████████     ▐█████████████
████████▌    ██████████████
████████      █████████████
███████▀  ██  ▐████████████
███████  ███▌ ▐████████████
██████▌ ████▌ ▀████████████
███████████████████████████
███████████████████████████
.
....PLAY NOW....
           ▄███
         ▄███▀
       ▄███▀     ▄
     ▄███▀      ███▄
   ▄███▀         ▀███▄
 ▄███▀             ▀███▄
▐██▀  ▄███▄   ▄███▄  ▀██▌
▐██▄  █████   █████  ▄██▌
 ▀███▄ ▀▀▀     ▀▀▀ ▄███▀
   ▀███▄         ▄███▀
     ▀███▄     ▄███▀
       ▀███▄▄▄███▀
         ▀█████▀
snipie
Legendary
*
Offline Offline

Activity: 1862
Merit: 1059


bitcointalk.org/index.php?topic=2957836.0


View Profile
August 25, 2020, 06:10:35 PM
 #10

Quote
Tax marketing and customer service employee’s account on a support center platform
Sounds more like an inside job as without the proper authorization no one can access the account of an employee or the employee was a dumb.

Other reason can be that CryptoTrader do not have the highest level of security features or firewall activated in their system.

Anyways it is big dent to their reputation and trust.
Normally after the Twitter hack, everyone should check the system and improve its security... I don't think it is an inside job, but incompetence these days may cost companies much Undecided

pixie85
Sr. Member
****
Offline Offline

Activity: 1428
Merit: 360


View Profile
August 25, 2020, 06:25:26 PM
Merited by vapourminer (1)
 #11

Quote
Tax marketing and customer service employee’s account on a support center platform
Sounds more like an inside job as without the proper authorization no one can access the account of an employee or the employee was a dumb.

Other reason can be that CryptoTrader do not have the highest level of security features or firewall activated in their system.

Anyways it is big dent to their reputation and trust.



Probably dumb. Go to any IT office and you'll see passwords and logins all over the place. Written on pieces of paper, stickers attatched to monitors. Often workstations have some easy passwords with numbers and the logins are first names of employees.

Security in 90% of corporations sucks. They have key cards for every door and security in the building but computers have minimal protection.

figmentofmyass
Legendary
*
Offline Offline

Activity: 1554
Merit: 1387



View Profile
August 25, 2020, 07:00:05 PM
 #12

my first thought was "oh shit, what if they got tax IDs, physical addresses, and other filer info"? fortunately the breach doesn't actually look that bad.

Quote
customers’ names, email addresses, payment processor profiles and messages sometimes containing cryptocurrency incomes.

Quote
To pay for subscriptions, premium users also enter billing information into Stripe, a payment processor. Stripe is connected to CryptoTrader.Tax’s support center platform and shows customers’ email addresses and general locations, but it does not expose physical addresses or credit, debit and banking information, according to the Stripe website.

The hacker also accessed marketing communications, referral numbers, commission earnings and revenues from affiliates who promote the CryptoTrader.Tax service on websites and social media, according to the materials reviewed by CoinDesk and Kemmerer.

this is yet another reminder to use a different email address for every service though---if it gets leaked, no big deal.

One thing that also struck me:
Quote
The co-founder of the platform, David Kemmerer, also confirmed the breach and detailed that the data were compromised on April 7.
I suppose they weren't planning on telling anyone about it.

i noticed that and thought "thanks for waiting 4.5 months until the dump was found on the dark web to mention it"! but maybe they at least informed affected customers at the time. it's not 100% clear when they disclosed it:

Quote
CryptoTrader.Tax’s security team investigated the breach and found tax filing account passwords and CryptoTrader.Tax’s website were not compromised, Kemmerer said. The team then alerted parties affected by the breach and took steps to improve security measures and monitoring systems across internal and third-party applications, Kemmerer said.

wxa7115
Hero Member
*****
Offline Offline

Activity: 1428
Merit: 546


Coinbene.com - Experience Fast Crypto Trading


View Profile
August 25, 2020, 07:14:43 PM
 #13

I'm just wondering how they know the other information such as the passwords are not in custody of the hacker. It is not unbelievable to see hacker stealing information but it become worrisome when they have direct access to your account. The hacker might not compromise the password by changing it but might know the passwords. This is part of the reason why people have not supporting centralized platforms
The short answer is that they simply do not know it and they are just making that up, if a hacker gets access to your systems then it is not out of the realm of possibility that he was able to get access to certain information and you were not aware of it, they are saying that just to try to calm people down and try to shift the issue.

Unfortunately as governments try to make this market more centralized we are bound to see more hacks on the future and as the value of the cryptocurrencies increases then the amount stolen will keep increasing and unfortunately this will have the effect of slowing down adoption as people read about this news and think the market is insecure, when in fact centralized platforms are the ones that are insecure.

Twentyonepaylots
Sr. Member
****
Offline Offline

Activity: 840
Merit: 294



View Profile
August 25, 2020, 07:35:09 PM
 #14

Quote
Tax marketing and customer service employee’s account on a support center platform
Sounds more like an inside job as without the proper authorization no one can access the account of an employee or the employee was a dumb.

Other reason can be that CryptoTrader do not have the highest level of security features or firewall activated in their system.

Anyways it is big dent to their reputation and trust.
Normally after the Twitter hack, everyone should check the system and improve its security... I don't think it is an inside job, but incompetence these days may cost companies much Undecided
It makes sense for a company like cryptotrader to check their security after a massive data breaching in twitter had occur however as for what I understand through reading the article there were no trace or evidence that they are breached but someone just saw it on the dark web. Does this mean that the hacker went easily to pass their security level? perhaps an inside job?

.
.Duelbits..
██
██
██
██
██
██
██
██
██
██
██
██
██
███████████████████████████
██ ▄▄▄▄ ███████████ ▄▄▄▄ ██
██ █ ▄▄▄▄ ███████ ▄▄▄▄ █ ██
██ ▀ █ ▄▄▄▄ ███ ▄▄▄▄ █ ▀ ██
████ ▀ █  █ ███ █  █ ▀ ████
██████ ▀▀▀▀ ███ ▀▀▀▀ ██████
██▄ ▄▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄ ▄██
██▄██████▌▐▀▄▀▄▀▌▐██████▄██
██▀▀▀████ █▄▀▄▀▄█ ████▀▀▀██
█████▄▄▄ ▄▄▄▄▄▄▄▄▄ ▄▄▄█████
███████▌▐█████████▌▐███████
██▄▄▄▀▀ ▀▀▀▀▀▀▀▀▀▀▀ ▀▀▄▄▄██
███████████████████████████
███████████████████████████
███████████████████████████
█████████████████▀██ ██▀███
██████████████████▄███▄████
██ ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ ██
██ ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ ██
██ ██████ ▐█████▌ █ ██ █ ██
██ █▀▄▄▀█ ▐▀▄▄▄▀▌ ██▄▄██ ██
██ █▄▀▀▄█ ▐▄▀▀▀▄▌ ▀▀▀▀▀▀ ██
██ ██████ ▐█████▌ ██████ ██
██ ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ ██
██ ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ ██
███████████████████████████
███████████████████████████
██▀▄▄▄▄▄▄▄▄▄▄▄▄▀███████████
██ █▀▄▀▄▀▄▀▄▀▄█ ███████████
██ █▀▄▀▄▀▄▀▄ ▄▄▄▄▄▄▄▄▄▄▄▀██
██ █▀▄▀▄▀▄ █ █▀▄▀███████ ██
██ █▀▄▀▄▀▄ █ ██▄████████ ██
██ █▀▄▀▄▀▄ █ ████▀▄▀████ ██
██ █▀▄▀▄▀▄ █ ███ ███ ███ ██
██ █▀▄▀▄▀▄ █ ████▄▀▄████ ██
██ ▀▀▀▀▀▀▀ █ ████████▀██ ██
██ ▀▀▀▀▀▀▀ █ ███████▄▀▄█ ██
██▄▀▀▀▀▀▀▀▄▀ ▀▀▀▀▀▀▀▀▀▀▀▄██
███████████████████████████
███████████████████████████
████████▀▀▄▄▄▄▄▄▄▀▀████████
█████▀▄▄███████████▄▄▀█████
████ █████████████████ ████
███ ███████████████████ ███
██ █████████████████████ ██
██ █████████████████████ ██
██ ████████████   ▐█████ ██
███ ███████████   ▐████ ███
████ █████████████████ ████
█████▄▀▀███████████▀▀▄█████
████████▄▄▀▀▀▀▀▀▀▄▄████████
███████████████████████████
███████████████████████████
██ ▄▄▄▀▀███████████▀▀▄▄▄ ██
██ █████▄▀███████▀▄█████ ██
███▄▀█████▄▀███▀▄█████▀▄███
█████▄▀█████▄▀██████▀▄█████
███████▄▀█████▄▀██▀▄███████
█████████▄▀█████▄▀█████████
███▀▄▄▀▀▄██▄▀█████▄▀▀▄▀████
████ ██▄▀████▄▀███▀▄██ ████
████▀▄███▄▀▄███▄▀▄███▄▀████
██▀▄██▀▄▀▀█ ███ █▀▀▄▀██▄▀██
███▄▀▄████▄█████▄████▄▀▄███
███████████████████████████
LIVE SHOWS
SLOTS
BLACKJACK
  ROULETTE
  DUELS
▬▬▬▬▬▬▬▬
CASHBACK
██&██
RAKEBACK
██
██
██
██
██
██
██
██
██
██
██
██
██
████████
██
██
██
██
██
██
██
██
██
██
██
████████
.
.Register Now.
████████
██
██
██
██
██
██
██
██
██
██
██
████████
snipie
Legendary
*
Offline Offline

Activity: 1862
Merit: 1059


bitcointalk.org/index.php?topic=2957836.0


View Profile
August 25, 2020, 07:56:45 PM
 #15

It makes sense for a company like cryptotrader to check their security after a massive data breaching in twitter had occur however as for what I understand through reading the article there were no trace or evidence that they are breached but someone just saw it on the dark web. Does this mean that the hacker went easily to pass their security level? perhaps an inside job?
If the hacker managed to have the credentials of an unaware employee then he can do whatever he wants without being detected likely. An inside job is possible too, although I don't tend to believe it, since I always ask what's the point of doing it and how much he will gain? Risk > benefits imo.

btc_angela
Sr. Member
****
Offline Offline

Activity: 1330
Merit: 358



View Profile
August 25, 2020, 08:03:06 PM
 #16

It makes sense for a company like cryptotrader to check their security after a massive data breaching in twitter had occur however as for what I understand through reading the article there were no trace or evidence that they are breached but someone just saw it on the dark web. Does this mean that the hacker went easily to pass their security level? perhaps an inside job?
If the hacker managed to have the credentials of an unaware employee then he can do whatever he wants without being detected likely. An inside job is possible too, although I don't tend to believe it, since I always ask what's the point of doing it and how much he will gain? Risk > benefits imo.

I also doubt that this is an inside job, usually hackers are targeting the weakest link in the chain, in this case, probably one employee who is very careless here and just clicking an external email and then boom, hackers have now access to their system using that employee's credential and then smooth sailing from then end. They could plant a backdoor as well and silently get all the necessary info and then sell it to the dark web.

BitDice[]               ▄▄███▄▄
           ▄▄██▀▀ ▄ ▀▀██▄▄
      ▄▄█ ▀▀  ▄▄█████▄▄  ▀▀ █▄▄
  ▄▄██▀▀     ▀▀ █████ ▀▀     ▀▀██▄▄
██▀▀ ▄▄██▀      ▀███▀      ▀██▄▄ ▀▀██
██  ████▄▄       ███       ▄▄████  ██
██  █▀▀████▄▄  ▄█████▄  ▄▄████▀▀█  ██
██  ▀     ▀▀▀███████████▀▀▀     ▀  ██
             ███████████
██  ▄     ▄▄▄███████████▄▄▄     ▄  ██
██  █▄▄████▀▀  ▀█████▀  ▀▀████▄▄█  ██
██  ████▀▀       ███       ▀▀████  ██
██▄▄ ▀▀██▄      ▄███▄      ▄██▀▀ ▄▄██
  ▀▀██▄▄     ▄▄ █████ ▄▄     ▄▄██▀▀
      ▀▀█ ▄▄  ▀▀█████▀▀  ▄▄ █▀▀
           ▀▀██▄▄ ▀ ▄▄██▀▀
               ▀▀███▀▀
        ▄▄███████▄▄
     ▄███████████████▄
    ████▀▀       ▀▀████
   ████▀           ▀████
   ████             ████
   ████ ▄▄▄▄▄▄▄▄▄▄▄ ████
▄█████████████████████████▄
██████████▀▀▀▀▀▀▀██████████
████                   ████
████                   ████
████                   ████
████                   ████
████                   ████
████▄                 ▄████
████████▄▄▄     ▄▄▄████████
  ▀▀▀█████████████████▀▀▀
        ▀▀▀█████▀▀▀
▄▄████████████████████████████████▄▄
██████████████████████████████████████
█████                            █████
█████                            █████
█████                            █████
█████                            █████
█████                     ▄▄▄▄▄▄▄▄▄▄
█████                   ▄█▀▀▀▀▀▀▀▀▀▀█▄
█████                   ██          ██
█████                   ██          ██
█████                   ██          ██
██████████████████▀▀███ ██          ██
 ████████████████▄  ▄██ ██          ██
   ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ ██          ██
             ██████████ ██          ██
           ▄███████████ ██████▀▀██████
          █████████████  ▀████▄▄████▀
[/]
seoincorporation
Legendary
*
Offline Offline

Activity: 1876
Merit: 1669


BtcBoss


View Profile
August 25, 2020, 08:21:31 PM
 #17

<…> How do they conclude that when the hacker successfully stole data from the website?
The article states it in the first few paragraphs:
Quote
<…> The hacker then screengrabbed samples of this sensitive information, posted them on the forum to entice potential buyers of the data trove and sent additional pictures to the source, who shared this evidence with CoinDesk. <…>
I figure that CryptoTrader.Tax had no hard time in verifying that the breach was real.

This case rings a bell (read notorious Twitter accounts used to scam recently), as the hack was allegedly performed by means of using a:
Quote
marketing and customer service employee’s account
That enabled the hacker to obtain inside information. Now how the company allowed for an external access to the system, even if the credentials were known, beats me. Nowadays, corporations can delimit external access through a range of mechanisms, which include verifying that the external device is authorised (i.e. account authorised vpn credentials + laptop authorization verification). Of course the hacker could have made the access through one of the employees devices, which would place a spotlight on who gave way for the breach to take place from his device.

First they see the hacker offering the information in the forum, after that i guess they review the security log in the server, and for sure there they see the DataBase dump... That's easy to do on linux, but the hard part of the problem is to identify the exploited vulnerability. The service can't come up again if they don't know how the attacker access...

.BitDice.               ▄▄███▄▄
           ▄▄██▀▀ ▄ ▀▀██▄▄
      ▄▄█ ▀▀  ▄▄█████▄▄  ▀▀ █▄▄
  ▄▄██▀▀     ▀▀ █████ ▀▀     ▀▀██▄▄
██▀▀ ▄▄██▀      ▀███▀      ▀██▄▄ ▀▀██
██  ████▄▄       ███       ▄▄████  ██
██  █▀▀████▄▄  ▄█████▄  ▄▄████▀▀█  ██
██  ▀     ▀▀▀███████████▀▀▀     ▀  ██
             ███████████
██  ▄     ▄▄▄███████████▄▄▄     ▄  ██
██  █▄▄████▀▀  ▀█████▀  ▀▀████▄▄█  ██
██  ████▀▀       ███       ▀▀████  ██
██▄▄ ▀▀██▄      ▄███▄      ▄██▀▀ ▄▄██
  ▀▀██▄▄     ▄▄ █████ ▄▄     ▄▄██▀▀
      ▀▀█ ▄▄  ▀▀█████▀▀  ▄▄ █▀▀
           ▀▀██▄▄ ▀ ▄▄██▀▀
               ▀▀███▀▀
        ▄▄███████▄▄
     ▄███████████████▄
    ████▀▀       ▀▀████
   ████▀           ▀████
   ████             ████
   ████ ▄▄▄▄▄▄▄▄▄▄▄ ████
▄█████████████████████████▄
██████████▀▀▀▀▀▀▀██████████
████                   ████
████                   ████
████                   ████
████                   ████
████                   ████
████▄                 ▄████
████████▄▄▄     ▄▄▄████████
  ▀▀▀█████████████████▀▀▀
        ▀▀▀█████▀▀▀
▄▄████████████████████████████████▄▄
██████████████████████████████████████
█████                            █████
█████                            █████
█████                            █████
█████                            █████
█████                     ▄▄▄▄▄▄▄▄▄▄
█████                   ▄█▀▀▀▀▀▀▀▀▀▀█▄
█████                   ██          ██
█████                   ██          ██
█████                   ██          ██
██████████████████▀▀███ ██          ██
 ████████████████▄  ▄██ ██          ██
   ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ ██          ██
             ██████████ ██          ██
           ▄███████████ ██████▀▀██████
          █████████████  ▀████▄▄████▀
[/]
rexxarofmoknathal
Sr. Member
****
Offline Offline

Activity: 924
Merit: 260



View Profile
August 25, 2020, 08:27:12 PM
 #18

Quote
Tax marketing and customer service employee’s account on a support center platform
Sounds more like an inside job as without the proper authorization no one can access the account of an employee or the employee was a dumb.


I almost smell the same thing here, this might just be an non-authorization from the inside, as how else will the hacker get access to the passwords and stuff?  I even fear to think that the CryptoTrader didn't consider online attacks and got little security in place like firewall etc. This is why this is likely an attack with inside help/insight. The obvious conclusion is clear: CryptoTrader has now got some recovery to do both on clients part as well as  their own reputation






BUY & SELL
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
BITCOIN ETHEREUM RIPPLE
FAQ
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
AFFILIATE PROGRAM




░██████████████████░
████████████████████
█████████▀░░░███████
█████████░░▄████████
███████▀▀░░▀▀███████
███████▄▄░░▄▄███████
█████████░░█████████

█████████░░█████████

█████████▄▄█████████

████████████████████

░██████████████████░
░██████████████████░
████████████████████
████████████▀▀▀█▀███
███░▀█████▀░░░░░▀███
███▌░░░▀▀▀░░░░░░████
████▄░░░░░░░░░░░████
█████▀░░░░░░░░░█████

██████▄░░░░░▄▄██████

█████▄▄▄▄███████████

████████████████████

░██████████████████░
░██████████████████░
████████████████████
████████████████████
███████████▀▀░░▐████
███████▀▀░░░░░█████
████▀░░░▄█▀░░░▐█████
█████▄▄█▀░░░░░██████

███████▌▄▄▄▐██████

████████████████████

████████████████████

░██████████████████░
Kelvinid
Sr. Member
****
Offline Offline

Activity: 1512
Merit: 296



View Profile
August 25, 2020, 11:06:37 PM
 #19

The hackers never do the hard work and have those personal data easily because he knows it already as probably he is on the part of the company. A big question of why hackers know the password? it gives an idea that it was an inside job.
Quote
CryptoTrader.Tax’s security team investigated the breach and found tax filing account passwords and CryptoTrader.Tax’s website were not compromised, Kemmerer said. The team then alerted parties affected by the breach and took steps to improve security measures and monitoring systems across internal and third-party applications, Kemmerer said.
That would something give an idea that hackers is also familiar with the company and might one of their person.

Anyway, we only have that presumption at his time, it might be wrong or right but that is also happening in some cases.
We have to wait for another update and to know more who are/is involved in this hacking incident.

freebitcoin       ▄▄▄█▀▀██▄▄▄
   ▄▄██████▄▄█  █▀▀█▄▄
  ███  █▀▀███████▄▄██▀
   ▀▀▀██▄▄█  ████▀▀  ▄██
▄███▄▄  ▀▀▀▀▀▀▀  ▄▄██████
██▀▀█████▄     ▄██▀█ ▀▀██
██▄▄███▀▀██   ███▀ ▄▄  ▀█
███████▄▄███ ███▄▄ ▀▀▄  █
██▀▀████████ █████  █▀▄██
 █▄▄████████ █████   ███
  ▀████  ███ ████▄▄███▀
     ▀▀████   ████▀▀
BITCOIN
DICE
EVENT
BETTING
WIN A LAMBO !

.
            ▄▄▄▄▄▄▄▄▄▄███████████▄▄▄▄▄
▄▄▄▄▄██████████████████████████████████▄▄▄▄
▀██████████████████████████████████████████████▄▄▄
▄▄████▄█████▄████████████████████████████▄█████▄████▄▄
▀████████▀▀▀████████████████████████████████▀▀▀██████████▄
  ▀▀▀████▄▄▄███████████████████████████████▄▄▄██████████
       ▀█████▀  ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀  ▀█████▀▀▀▀▀▀▀▀▀▀
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
▄█████
██
██
██
██
██
██
██
██
██
██
██
▀█████
.
PLAY NOW
█████▄
██
██
██
██
██
██
██
██
██
██
██
█████▀
AmoreJaz
Legendary
*
Offline Offline

Activity: 1806
Merit: 1044



View Profile
August 25, 2020, 11:11:42 PM
 #20

Quote
Tax marketing and customer service employee’s account on a support center platform
Sounds more like an inside job as without the proper authorization no one can access the account of an employee or the employee was a dumb.

Other reason can be that CryptoTrader do not have the highest level of security features or firewall activated in their system.

Anyways it is big dent to their reputation and trust.


very well it could be an inside job. remember the percentage of internal breaches is higher than other types like external, partners, multiple parties. so who knows that this security breach is because one of them decided to make his own decision? really is hard to trust your vital info these days. you'll never where it will end up to. so stay safe everybody!


           ▄███
         ▄███▀
       ▄███▀     ▄
     ▄███▀      ███▄
   ▄███▀         ▀███▄
 ▄███▀             ▀███▄
▐██▀  ▄███▄   ▄███▄  ▀██▌
▐██▄  █████   █████  ▄██▌
 ▀███▄ ▀▀▀     ▀▀▀ ▄███▀
   ▀███▄         ▄███▀
     ▀███▄     ▄███▀
       ▀███▄▄▄███▀
         ▀█████▀
.
...BITSLER...
███████████████████████████
███████████████████████████
████████▀▀▄▄  ▄▄▄▀▀████████
██████▀▄▄      ▀███▄▀██████
█████ ██       ▄▄▄▀▀▀ █████
████ ██▀▄▄▄▄  ██████   ████
████ ▀▄██████ ███████  ████
████   ███████ ▀▀██▀▄█ ████
█████   ▀▀██▀      ██ █████
██████▄▀██▄▄       ▀▄██████
████████▄▄▀▀▀  ▀▀▄▄████████
███████████████████████████
███████████████████████████
███████████████████████████
███████████████████████████
████████▀▀▄▄▄▄▄ ▄▀▀████████
██████▀▄█████▀▄████▄▀██████
█████ ███▀▀▄▄██████▀▄ █████
████ ███ ██████████ ██ ████
████ ███ █████████ ███ ████
████ ███ ████████▀▄███ ████
█████ ███▄▀▀██▀▀▀▄███ █████
██████▄▀████▄▄█████▀▄██████
████████▄▄▀▀▀▀▀▀▀▄▄████████
███████████████████████████
███████████████████████████
.
..SPORTSBOOK..
███████████████████████████
███████████████████████████
████████▀▀▄ ▄▄▄▄▄▀▀████████
██████▀▄██ ███▀▀▄▄▄ ▀██████
█████ █ ██ ▀▄▄███████ █████
████ ▀██ ▄██▄▀▀▀██████ ████
████ █  █▄▀█████▄▄▄▄▀▀ ████
████ ▀▄█ ██▄▀█████████ ████
█████ ██▄▀███▄▀▀█████ █████
██████▄▀█ ██████▄▄▀▀▄██████
████████▄▄ ▀▀▀▀▀▀▄▄████████
███████████████████████████
███████████████████████████
███████████████████████████
███████████████████████████
███████████  ██████████████
█████████▀       ▄▄▄▄██████
████████▀      ▄███████████
████████     ▐█████████████
████████▌    ██████████████
████████      █████████████
███████▀  ██  ▐████████████
███████  ███▌ ▐████████████
██████▌ ████▌ ▀████████████
███████████████████████████
███████████████████████████
.
....PLAY NOW....
           ▄███
         ▄███▀
       ▄███▀     ▄
     ▄███▀      ███▄
   ▄███▀         ▀███▄
 ▄███▀             ▀███▄
▐██▀  ▄███▄   ▄███▄  ▀██▌
▐██▄  █████   █████  ▄██▌
 ▀███▄ ▀▀▀     ▀▀▀ ▄███▀
   ▀███▄         ▄███▀
     ▀███▄     ▄███▀
       ▀███▄▄▄███▀
         ▀█████▀
Pages: [1] 2 3 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!