Hacker Stole 1,000 Traders’ Personal Data From CryptoTrader.Tax

[spike420211]

A hacker has stolen data on more than 1,000 users from CryptoTrader.Tax, an online service used to calculate and file taxes on cryptocurrency trades.

The hacker broke into a CryptoTrader.Tax marketing and customer service employee’s account on a support center platform, according to a source who came across the hacker on a dark web forum. With this access, the hacker could see customers’ names, email addresses, payment processor profiles and messages sometimes containing cryptocurrency incomes.

The hacker then screengrabbed samples of this sensitive information, posted them on the forum to entice potential buyers of the data trove and sent additional pictures to the source, who shared this evidence with CoinDesk.

David Kemmerer, a co-founder and the chief executive of CryptoTrader.Tax, confirmed to CoinDesk that a hacker gained unauthorized access on April 7 to the marketing and customer service employee’s account. The hacker was able to see support center details in the materials and downloaded a file containing 13,000 rows of information, including 1,082 unique email addresses, Kemmerer said.

CryptoTrader.Tax’s security team investigated the breach and found tax filing account passwords and CryptoTrader.Tax’s website were not compromised, Kemmerer said. The team then alerted parties affected by the breach and took steps to improve security measures and monitoring systems across internal and third-party applications, Kemmerer said.

https://www.coindesk.com/hacker-cryptotrader-tax

[1713959512]

1713959512

[1713959512]

1713959512

[1713959512]

1713959512

[1713959512]

1713959512

[Sanitough]

CryptoTrader.Tax’s security team investigated the breach and found tax filing account passwords and CryptoTrader.Tax’s website were not compromised,
Kemmerer said.

How do they conclude that when the hacker successfully stole data from the website?

The team then alerted parties affected by the breach and took steps to improve security measures and monitoring systems across internal and third-party applications, Kemmerer said.

https://www.coindesk.com/hacker-cryptotrader-tax

They should improve the security measures, and investigate how this happened. Also, they have to be investigated as well if there is an inside job within the company as their information is vital, and it could put the lives of their clients at risk.

[thesmallgod]

I'm just wondering how they know the other information such as the passwords are not in custody of the hacker. It is not unbelievable to see hacker stealing information but it become worrisome when they have direct access to your account. The hacker might not compromise the password by changing it but might know the passwords. This is part of the reason why people have not supporting centralized platforms

[DdmrDdmr]

<…> How do they conclude that when the hacker successfully stole data from the website?

The article states it in the first few paragraphs:

<…> The hacker then screengrabbed samples of this sensitive information, posted them on the forum to entice potential buyers of the data trove and sent additional pictures to the source, who shared this evidence with CoinDesk. <…>

I figure that CryptoTrader.Tax had no hard time in verifying that the breach was real.

This case rings a bell (read notorious Twitter accounts used to scam recently), as the hack was allegedly performed by means of using a:

marketing and customer service employee’s account

That enabled the hacker to obtain inside information. Now how the company allowed for an external access to the system, even if the credentials were known, beats me. Nowadays, corporations can delimit external access through a range of mechanisms, which include verifying that the external device is authorised (i.e. account authorised vpn credentials + laptop authorization verification). Of course the hacker could have made the access through one of the employees devices, which would place a spotlight on who gave way for the breach to take place from his device.

[pakhitheboss]

Tax marketing and customer service employee’s account on a support center platform

Sounds more like an inside job as without the proper authorization no one can access the account of an employee or the employee was a dumb.

Other reason can be that CryptoTrader do not have the highest level of security features or firewall activated in their system.

Anyways it is big dent to their reputation and trust.

[stompix]

That enabled the hacker to obtain inside information. Now how the company allowed for an external access to the system, even if the credentials were known, beats me. Nowadays, corporations can delimit external access through a range of mechanisms, which include verifying that the external device is authorised (i.e. account authorised vpn credentials + laptop authorization verification). Of course the hacker could have made the access through one of the employees devices, which would place a spotlight on who gave way for the breach to take place from his device.

I don't think that their system or access to it was compromised when I read the "marketing" thing I'm assuming that accounts of one of the employees have been compromised and most of the times these guys pile data after data and sheets over sheets of info around with no real protection,  email is often used to share lists and even google drive. Somebody working on the newsletters, nobody doing a report on their target customers and there you have it.

The fact that no real sensitive information was confirmed leak makes me believe more in this hypothesis.

One thing that also struck me:

The co-founder of the platform, David Kemmerer, also confirmed the breach and detailed that the data were compromised on April 7.

I suppose they weren't planning on telling anyone about it.

This is part of the reason why people have not supporting centralized platforms

So, how do you imagine a decentralized platform for doing your taxes? 

[Ucy]

Maybe if they begin to get the companies/organizations compensate the victims for such hacks, others will be too scared to have such sensitive information without proper and strongest possible security measures, and the hacks will likely stop becoming frequent.
 Losing your private data to hackers is a very dangerous thing that can happen and people hardly take this seriously.

[Stedsm]

More people now will be exposed that they own cryptocurrency and might be personally targeted.

Isn't this something that was expected to happen when crypto was being expected to go mainstream? Come on, BTC is on TV ads, banners, almost everywhere and this is the security that these tax guys give? Just because of this security breach, 100s of customers have lost their privacy and will definitely be touched by government officials once their data gets leaked. No doubt they were already going the legal way by paying taxes, but how much tax, is what this company was going to deliver them with their work. I'm afraid we're all prone to hacks almost everywhere where no tight security is available (eg.; Casinos, gambling websites, lending websites, DeFi websites, etc.)

[snipie]

Tax marketing and customer service employee’s account on a support center platform

Sounds more like an inside job as without the proper authorization no one can access the account of an employee or the employee was a dumb.

Other reason can be that CryptoTrader do not have the highest level of security features or firewall activated in their system.

Anyways it is big dent to their reputation and trust.

Normally after the Twitter hack, everyone should check the system and improve its security... I don't think it is an inside job, but incompetence these days may cost companies much

[pixie85]

Tax marketing and customer service employee’s account on a support center platform

Sounds more like an inside job as without the proper authorization no one can access the account of an employee or the employee was a dumb.

Other reason can be that CryptoTrader do not have the highest level of security features or firewall activated in their system.

Anyways it is big dent to their reputation and trust.

Probably dumb. Go to any IT office and you'll see passwords and logins all over the place. Written on pieces of paper, stickers attatched to monitors. Often workstations have some easy passwords with numbers and the logins are first names of employees.

Security in 90% of corporations sucks. They have key cards for every door and security in the building but computers have minimal protection.

[figmentofmyass]

my first thought was "oh shit, what if they got tax IDs, physical addresses, and other filer info"? fortunately the breach doesn't actually look that bad.

customers’ names, email addresses, payment processor profiles and messages sometimes containing cryptocurrency incomes.

To pay for subscriptions, premium users also enter billing information into Stripe, a payment processor. Stripe is connected to CryptoTrader.Tax’s support center platform and shows customers’ email addresses and general locations, but it does not expose physical addresses or credit, debit and banking information, according to the Stripe website.

The hacker also accessed marketing communications, referral numbers, commission earnings and revenues from affiliates who promote the CryptoTrader.Tax service on websites and social media, according to the materials reviewed by CoinDesk and Kemmerer.

this is yet another reminder to use a different email address for every service though---if it gets leaked, no big deal.

One thing that also struck me:

The co-founder of the platform, David Kemmerer, also confirmed the breach and detailed that the data were compromised on April 7.

I suppose they weren't planning on telling anyone about it.

i noticed that and thought "thanks for waiting 4.5 months until the dump was found on the dark web to mention it"! but maybe they at least informed affected customers at the time. it's not 100% clear when they disclosed it:

CryptoTrader.Tax’s security team investigated the breach and found tax filing account passwords and CryptoTrader.Tax’s website were not compromised, Kemmerer said. The team then alerted parties affected by the breach and took steps to improve security measures and monitoring systems across internal and third-party applications, Kemmerer said.

[wxa7115]

I'm just wondering how they know the other information such as the passwords are not in custody of the hacker. It is not unbelievable to see hacker stealing information but it become worrisome when they have direct access to your account. The hacker might not compromise the password by changing it but might know the passwords. This is part of the reason why people have not supporting centralized platforms

The short answer is that they simply do not know it and they are just making that up, if a hacker gets access to your systems then it is not out of the realm of possibility that he was able to get access to certain information and you were not aware of it, they are saying that just to try to calm people down and try to shift the issue.

Unfortunately as governments try to make this market more centralized we are bound to see more hacks on the future and as the value of the cryptocurrencies increases then the amount stolen will keep increasing and unfortunately this will have the effect of slowing down adoption as people read about this news and think the market is insecure, when in fact centralized platforms are the ones that are insecure.

[Twentyonepaylots]

Tax marketing and customer service employee’s account on a support center platform

Sounds more like an inside job as without the proper authorization no one can access the account of an employee or the employee was a dumb.

Other reason can be that CryptoTrader do not have the highest level of security features or firewall activated in their system.

Anyways it is big dent to their reputation and trust.

Normally after the Twitter hack, everyone should check the system and improve its security... I don't think it is an inside job, but incompetence these days may cost companies much

It makes sense for a company like cryptotrader to check their security after a massive data breaching in twitter had occur however as for what I understand through reading the article there were no trace or evidence that they are breached but someone just saw it on the dark web. Does this mean that the hacker went easily to pass their security level? perhaps an inside job?

[snipie]

It makes sense for a company like cryptotrader to check their security after a massive data breaching in twitter had occur however as for what I understand through reading the article there were no trace or evidence that they are breached but someone just saw it on the dark web. Does this mean that the hacker went easily to pass their security level? perhaps an inside job?

If the hacker managed to have the credentials of an unaware employee then he can do whatever he wants without being detected likely. An inside job is possible too, although I don't tend to believe it, since I always ask what's the point of doing it and how much he will gain? Risk > benefits imo.

[btc_angela]

It makes sense for a company like cryptotrader to check their security after a massive data breaching in twitter had occur however as for what I understand through reading the article there were no trace or evidence that they are breached but someone just saw it on the dark web. Does this mean that the hacker went easily to pass their security level? perhaps an inside job?

If the hacker managed to have the credentials of an unaware employee then he can do whatever he wants without being detected likely. An inside job is possible too, although I don't tend to believe it, since I always ask what's the point of doing it and how much he will gain? Risk > benefits imo.

I also doubt that this is an inside job, usually hackers are targeting the weakest link in the chain, in this case, probably one employee who is very careless here and just clicking an external email and then boom, hackers have now access to their system using that employee's credential and then smooth sailing from then end. They could plant a backdoor as well and silently get all the necessary info and then sell it to the dark web.

[seoincorporation]

<…> How do they conclude that when the hacker successfully stole data from the website?

The article states it in the first few paragraphs:

<…> The hacker then screengrabbed samples of this sensitive information, posted them on the forum to entice potential buyers of the data trove and sent additional pictures to the source, who shared this evidence with CoinDesk. <…>

I figure that CryptoTrader.Tax had no hard time in verifying that the breach was real.

This case rings a bell (read notorious Twitter accounts used to scam recently), as the hack was allegedly performed by means of using a:

marketing and customer service employee’s account

That enabled the hacker to obtain inside information. Now how the company allowed for an external access to the system, even if the credentials were known, beats me. Nowadays, corporations can delimit external access through a range of mechanisms, which include verifying that the external device is authorised (i.e. account authorised vpn credentials + laptop authorization verification). Of course the hacker could have made the access through one of the employees devices, which would place a spotlight on who gave way for the breach to take place from his device.

First they see the hacker offering the information in the forum, after that i guess they review the security log in the server, and for sure there they see the DataBase dump... That's easy to do on linux, but the hard part of the problem is to identify the exploited vulnerability. The service can't come up again if they don't know how the attacker access...

[rexxarofmoknathal]

Tax marketing and customer service employee’s account on a support center platform

Sounds more like an inside job as without the proper authorization no one can access the account of an employee or the employee was a dumb.

I almost smell the same thing here, this might just be an non-authorization from the inside, as how else will the hacker get access to the passwords and stuff?  I even fear to think that the CryptoTrader didn't consider online attacks and got little security in place like firewall etc. This is why this is likely an attack with inside help/insight. The obvious conclusion is clear: CryptoTrader has now got some recovery to do both on clients part as well as  their own reputation

[Kelvinid]

The hackers never do the hard work and have those personal data easily because he knows it already as probably he is on the part of the company. A big question of why hackers know the password? it gives an idea that it was an inside job.

CryptoTrader.Tax’s security team investigated the breach and found tax filing account passwords and CryptoTrader.Tax’s website were not compromised, Kemmerer said. The team then alerted parties affected by the breach and took steps to improve security measures and monitoring systems across internal and third-party applications, Kemmerer said.

That would something give an idea that hackers is also familiar with the company and might one of their person.

Anyway, we only have that presumption at his time, it might be wrong or right but that is also happening in some cases.
We have to wait for another update and to know more who are/is involved in this hacking incident.

[AmoreJaz]

Tax marketing and customer service employee’s account on a support center platform

Sounds more like an inside job as without the proper authorization no one can access the account of an employee or the employee was a dumb.

Other reason can be that CryptoTrader do not have the highest level of security features or firewall activated in their system.

Anyways it is big dent to their reputation and trust.

very well it could be an inside job. remember the percentage of internal breaches is higher than other types like external, partners, multiple parties. so who knows that this security breach is because one of them decided to make his own decision? really is hard to trust your vital info these days. you'll never where it will end up to. so stay safe everybody!

[NotATether]

this is yet another reminder to use a different email address for every service though---if it gets leaked, no big deal.

And in fact this is possible, just create as many protonmail emails as you want. Though if they only stole email addresses and names then the worst they can do with it is get revenue by selling them to marketers that will send you spam offers. That would be pretty juvenile of them.