Bitcoin Forum
November 11, 2024, 05:38:49 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1] 2 »  All
  Print  
Author Topic: Personal data of 300K users, provided at BTC ATMs, allegedly in hacker's hands  (Read 258 times)
DdmrDdmr (OP)
Legendary
*
Offline Offline

Activity: 2492
Merit: 11049


There are lies, damned lies and statistics. MTwain


View Profile WWW
November 13, 2023, 09:36:10 AM
Merited by o_e_l_e_o (4), Lucius (1), ABCbits (1), Jawhead999 (1)
 #1

The context is that of users of Coin Cloud Bitcoin ATM users in USA and Brazil. Though the company file for bankruptcy in February 2023, and I believe that all their Bitcoin ATM network is now non-operational, somewhere along the line hackers claim to have managed to make away with a bunch of very concerning personal data for something like 300.000 customers, alongside some 70.000 selfies provided at the ATMs themselves. The hackers are sharing their claims in private channels.

Specifically, the stolen information seems to be:
Quote
<…>  Social Security Number, Date of Birth, First Name, Last Name, e-mail address, Telephone Number, Current Occupation, Physical Address, and more. <…>




Once more, KYC sensible data has been (potentially) filtered at a very dangerous level, including information of user’s home addresses and complete names. Though not mentioned, one wonders if linked addresses and/or TXs may also form part of the breach, which would only worsen the situation by providing some tenancy information on top of the above (this is my speculation, not information cited in the below referenced sources).

See:
https://cointelegraph.com/news/coin-cloud-data-hack-united-states-brazil
https://twitter.com/vxunderground/status/1723749038057574425
Lucius
Legendary
*
Offline Offline

Activity: 3416
Merit: 6149


Crypto Swap Exchange🈺


View Profile WWW
November 13, 2023, 09:53:33 AM
 #2

This looks like a leak of the Ledger database, only with the difference that the images of ATMs users are also included here. If we take into account that ATMs are usually the most expensive way of selling/buying cryptocurrencies, I wonder why all these users agreed to such KYC and did not use some CEX where they should still do KYC, but the fees would be many times less?

Also, considering that the company behind everything went bankrupt, is it possible that they (or one of their employees) actually sold that database?

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
krishnaverma
Full Member
***
hacker
Offline Offline

Activity: 1442
Merit: 108


View Profile
November 13, 2023, 10:07:40 AM
 #3

The context is that of users of Coin Cloud Bitcoin ATM users in USA and Brazil. Though the company file for bankruptcy in February 2023, and I believe that all their Bitcoin ATM network is now non-operational, somewhere along the line hackers claim to have managed to make away with a bunch of very concerning personal data for something like 300.000 customers, alongside some 70.000 selfies provided at the ATMs themselves. The hackers are sharing their claims in private channels.

Specifically, the stolen information seems to be:
Quote
<…>  Social Security Number, Date of Birth, First Name, Last Name, e-mail address, Telephone Number, Current Occupation, Physical Address, and more. <…>




Once more, KYC sensible data has been (potentially) filtered at a very dangerous level, including information of user’s home addresses and complete names. Though not mentioned, one wonders if linked addresses and/or TXs may also form part of the breach, which would only worsen the situation by providing some tenancy information on top of the above (this is my speculation, not information cited in the below referenced sources).

See:
https://cointelegraph.com/news/coin-cloud-data-hack-united-states-brazil
https://twitter.com/vxunderground/status/1723749038057574425


This data can be misused in many ways. Strong measures must be taken to stop such leaks in future.
ABCbits
Legendary
*
Offline Offline

Activity: 3052
Merit: 8074


Crypto Swap Exchange


View Profile
November 13, 2023, 10:08:30 AM
Merited by o_e_l_e_o (4)
 #4

This is yet another reason to reject KYC. It's also crazy SSN of the customers got leaked since AFAIK it's very important data for those who live in US.

If we take into account that ATMs are usually the most expensive way of selling/buying cryptocurrencies, I wonder why all these users agreed to such KYC and did not use some CEX where they should still do KYC, but the fees would be many times less?

In addition, CEX usually have better exchange rate. Anyway, i would guess the reason probably similar why people use ATM rather than mobile/internet banking, familiarity with or strong preferences towards ATM.

Also, considering that the company behind everything went bankrupt, is it possible that they (or one of their employees) actually sold that database?

That seems possible, but i think it's also possible the employee don't bother dispose the server securely.

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
Aanuoluwatofunmi
Sr. Member
****
Offline Offline

Activity: 770
Merit: 434



View Profile
November 13, 2023, 10:09:15 AM
 #5

Once more, KYC sensible data has been (potentially) filtered at a very dangerous level, including information of user’s home addresses and complete names. Though not mentioned, one wonders if linked addresses and/or TXs may also form part of the breach, which would only worsen the situation by providing some tenancy information on top of the above (this is my speculation, not information cited in the below referenced sources).

What a heck, I never thought as this could ever happened with the use of bitcoin ATM, this means that the service providers of these ATMs needs to be verified before using them and one cannot use any ATM anyhow, this is another important massive discovery in which most of the bitcoin privacy minded user's might not have given attention to, getting to know about this, it may results i having a decline in the rate of people using the bitcoin ATM because they know that their privacy informations are not secured, but sadly it's also ridiculous to see that using a bitcoin ATM is one of the worst mean of exposing our privacy.

████████▄▄▄▄▄▄▀▀▀▀▀▀▄
███▄▀▀▀▀▀███████████
███▐▌████████████▀█▀▐▌
███▐▌███▄█▀█████████████████▄▄▄▄
▄▀█████▐█████████▄▄▄▐█▌▄█▌██▀▀
██████▐███▐██▌▄█▀▀▀▐█████▀███▄
▐█
██▐▌██▐████▌█▌█▌███▐█▌█▄▄▄▄██
▐██
▐▌██▐█▌▐█▀█▌▀█▄▄█▐███▀▀▀▀▀▀
████████▐█▌█▌▀▀▀██▀▀████▄▌████▄
███▄███▌▐████▄██▌█▌██▐████▌█▌▄█▀
██▐█▄▄▄▄██████████▌██▐████▌█▌▐██
███▀███▀▀████▌█████▄▄▐█▄▄█▌██▀▀
████████████▀███▌▀▀▀▀██▀▀
▄███████████████████████▄
█▌▐▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▌▐█
█▌▐█████▌▐█████▌▐█████▌▐█
█▌▐█▄▄▄█▌▐█▄▄▄█▌▐█▄▄▄█▌▐█
█▌▐██▀▄█▌▐██▀▄█▌▐██▀▄█▌▐█
█▌▐██░██▌▐██░██▌▐██░██▌▐█
█▌▐█████▌▐█████▌▐█████▌▐█
█▌▐▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▌▐█
█████████████████████████
▀██████████▀▀▀██████████▀
███████
▄███████████▄
IN-HOUSE
SLOTS
LIVE GAMES
TABLE
NO FEES ON
BITCOIN WITHDRAWALS

▄▄███████▄▄
▄███████████████▄
▄███████████████████▄
▄█████████████████████▄
▄███████████████████████▄
█████████████████████████
████████████████████████
█████████████████████████
▀██████████████████████▀
▀█████████████████████▀
▀███████████████████▀
▀███████████████▀
▀▀███████▀▀

▀███████████▀
[
[
RELOAD
BONUS
 

RAKEBACK
BONUS
]
]
[
[
FREE
COINS
 

VIP
REWARDS
]
]
[ 
 Play Now
]
Nwada001
Hero Member
*****
Offline Offline

Activity: 756
Merit: 690



View Profile
November 13, 2023, 10:26:49 AM
 #6


If we take into account that ATMs are usually the most expensive way of selling/buying cryptocurrencies, I wonder why all these users agreed to such KYC and did not use some CEX where they should still do KYC, but the fees would be many times less?

In addition, CEX usually have better exchange rate. Anyway, i would guess the reason probably similar why people use ATM rather than mobile/internet banking, familiarity with or strong preferences towards ATM.

One thing I notice most people make use of bitcoin ATM rather than exchange is that they result of them believing it's easy to use something, and they find CEX KYC very stressful to pass. The majority of bitcoin ATMs also don't request much data for verification some only request the mobile number and the selfies the machine took from their customers to explain why they are conducting the transaction.
 
Many people who I believe make use of Bitcoin ATMs are those who are so afraid of exchange, as many people believe they need some sort of skill before they can successfully buy from an exchange and make a good withdrawal with issue. I said this due to the experience I have had with a relative away who struggled to send bitcoin over to me sometime ago, even with the direction I gave her, she still ended up not being able to do it herself, and anything that has to do with online and they don't see a physical shop, most people have trust issues with that.

 
█▄
R


▀▀██████▄▄
████████████████
▀█████▀▀▀█████
████████▌███▐████
▄█████▄▄▄█████
████████████████
▄▄██████▀▀
LLBIT▀█ 
  TH#1 SOLANA CASINO  
████████████▄
▀▀██████▀▀███
██▄▄▀▀▄▄████
████████████
██████████
███▀████████
▄▄█████████
████████████
████████████
████████████
████████████
█████████████
████████████▀
████████████▄
▀▀▀▀▀▀▀██████
████████████
███████████
██▄█████████
████▄███████
████████████
█░▀▀████████
▀▀██████████
█████▄█████
████▀▄▀████
▄▄▄▄▄▄▄██████
████████████▀
........5,000+........
GAMES
 
......INSTANT......
WITHDRAWALS
..........HUGE..........
REWARDS
 
............VIP............
PROGRAM
 .
   PLAY NOW    
[/quote]
Code:
[center][table][tr][td][/td][td][size=20pt][nbsp]
[size=6pt][color=#65e]█▄[/td]
[td][font=arial black][size=24pt]R[/size][/font][/td]
[td][size=2pt]


[color=#fec]▀[color=#fda]▀[color=#fc9]▀[color=#eb7]▀[color=#eb5]▀[col
Jawhead999
Legendary
*
Offline Offline

Activity: 1820
Merit: 1208



View Profile
November 13, 2023, 10:38:43 AM
 #7

What a heck, I never thought as this could ever happened with the use of bitcoin ATM, this means that the service providers of these ATMs needs to be verified before using them and one cannot use any ATM anyhow
I think not all bitcoin ATMs are asking KYC, that's why some users suggest Bitcoin ATMs when someone want to deal without KYC.

is it possible that they (or one of their employees) actually sold that database?
Talking a possibility, yes there's.

But the employees must be have had share their personal identity to the employer. In case something bad happen (like this one), the employees would be the first one that being investigated, so it's easy to catch him/them.

▄▄███████████████████▄▄
▄███████████████████████▄
████████▀░░░░░░░▀████████
███████░░░░░░░░░░░███████
███████░░░░░░░░░░░███████
██████▀░░░░░░░░░░░▀██████
██████▄░░░░░▄███▄░▄██████
██████████▀▀█████████████
████▀▄██▀░░░░▀▀▀░▀██▄▀███
███░░▀░░░░░░░░░░░░░▀░░███
████▄▄░░░░▄███▄░░░░▄▄████
▀███████████████████████▀
▀▀███████████████████▀▀
 
 CHIPS.GG 
▄▄███████▄▄
▄████▀▀▀▀▀▀▀████▄
███▀░▄░▀▀▀▀▀░▄░▀███
▄███
░▄▀░░░░░░░░░▀▄░███▄
▄███░▄░░░▄█████▄░░░▄░███▄
███░▄▀░░░███████░░░▀▄░███
███░█░░░▀▀▀▀▀░░░▀░░░█░███
███░▀▄░▄▀░▄██▄▄░▀▄░▄▀░██
▀███
░▀░▀▄██▀░▀██▄▀░▀░██▀
▀███
░▀▄░░░░░░░░░▄▀░██▀
▀███▄
░▀░▄▄▄▄▄░▀░▄███▀
▀█
███▄▄▄▄▄▄▄████▀
█████████████████████████
▄▄███████▄▄
███
████████████▄
▄█▀▀▀▄
█████████▄▀▀▀█▄
▄██████▀▄▄▄▄▄▀██████▄
▄█████████████▄████████▄
████████▄███████▄████████
█████▄█████████▄██████
██▄▄▀▀▀▀█████▀▀▀▀▄▄██
▀█████████▀▀███████████▀
▀███████████████████▀
██████████████████
▀████▄███▄▄
████▀
████████████████████████
3000+
UNIQUE
GAMES
|
12+
CURRENCIES
ACCEPTED
|
VIP
REWARD
PROGRAM
 
 
  Play Now  
posi
Hero Member
*****
Offline Offline

Activity: 2282
Merit: 579


DGbet.fun - Crypto Sportsbook


View Profile
November 13, 2023, 10:55:35 AM
 #8

Once more, KYC sensible data has been (potentially) filtered at a very dangerous level, including information of user’s home addresses and complete names. Though not mentioned, one wonders if linked addresses and/or TXs may also form part of the breach, which would only worsen the situation by providing some tenancy information on top of the above (this is my speculation, not information cited in the below referenced sources).

What a heck, I never thought as this could ever happened with the use of bitcoin ATM, this means that the service providers of these ATMs needs to be verified before using them and one cannot use any ATM anyhow, this is another important massive discovery in which most of the bitcoin privacy minded user's might not have given attention to, getting to know about this, it may results i having a decline in the rate of people using the bitcoin ATM because they know that their privacy informations are not secured, but sadly it's also ridiculous to see that using a bitcoin ATM is one of the worst mean of exposing our privacy.

Once you use bitcoin in public, your privacy is also at risk, so using a bitcoin ATM or using bitcoin for payment will not guarantee our privacy. But people both want to ensure privacy and ensure that bitcoin will become a popular means of payment around the world. I really see the contradiction in our thoughts. Once we use KYC anywhere, the risk of information being stolen or sold is inevitable, even banks are selling our information.

Yamane_Keto
Hero Member
*****
Offline Offline

Activity: 630
Merit: 510



View Profile WWW
November 13, 2023, 11:17:40 AM
 #9

What makes a Bitcoin ATM company service request detailed data such as professions, physical addresses, social security numbers, and other data from the company, such as ATM transactions worth $100 to $5,000? Through this, Basic KYC, such as full name or passport photo, is sufficient, especially since the amount is less what requests by anti-money laundering services, which may request data such as the nature of income, position, and physical address.

This reminds me of the same data leak that happened to FTX after it filed for bankruptcy.

えいごをはなせますか。
yazher
Hero Member
*****
Offline Offline

Activity: 2268
Merit: 588


You own the pen


View Profile
November 13, 2023, 11:25:59 AM
 #10

Honestly, this is not good, especially for those people who are vulnerable to attacks because they don't have enough security in their homes. There are lots of incidents where people are kidnapped and attacked to steal their bitcoins from them after they flex their BTC balance or someone just knows they have them. they were forced to ransom their selfs in order to save them from these bad people who wanted to steal their BTC. That's why we really need to save our address in order to prevent such things from happening to us especially our personal address and BTC balance.

Text
Hero Member
*****
Offline Offline

Activity: 2548
Merit: 607



View Profile
November 13, 2023, 11:39:54 AM
 #11

Instead of being convenient to use, there is a trade-off with added concerns due to the possibility of becoming a victim of identity theft and being used in cybercrimes. They need to monitor their bank accounts and credit reports for the aftermath of the breach, and it's worrisome to be in such a situation, as I won't be at ease. KYC is for identity verification, but it's disheartening to think that your personal information could be at risk of being used for malicious purposes such as deepfakes and other forms of impersonation.

Odohu
Hero Member
*****
Offline Offline

Activity: 560
Merit: 524



View Profile WWW
November 13, 2023, 11:50:50 AM
 #12

This looks like a leak of the Ledger database, only with the difference that the images of ATMs users are also included here. If we take into account that ATMs are usually the most expensive way of selling/buying cryptocurrencies, I wonder why all these users agreed to such KYC and did not use some CEX where they should still do KYC, but the fees would be many times less?
At first, I felt that Bitcoin ATM I'd one innovation that will Foster greater acceptance and adoption of Bitcoin as it offers more flexibility and accessibility to Bitcoin. Unfortunately,  events surrounding the operation of these ATMs and issues such as this one leaves nothing to be desired.

Also, considering that the company behind everything went bankrupt, is it possible that they (or one of their employees) actually sold that database?
This is likely the case...it was an easy money for whoever was involved since the company was already bankrupt.  This may benthe fate of most platforms hence the reason for my fears regarding KYC.

R


▀▀▀▀▀▀▀██████▄▄
████████████████
▀▀▀▀█████▀▀▀█████
████████▌███▐████
▄▄▄▄█████▄▄▄█████
████████████████
▄▄▄▄▄▄▄██████▀▀
LLBIT|
4,000+ GAMES
███████████████████
██████████▀▄▀▀▀████
████████▀▄▀██░░░███
██████▀▄███▄▀█▄▄▄██
███▀▀▀▀▀▀█▀▀▀▀▀▀███
██░░░░░░░░█░░░░░░██
██▄░░░░░░░█░░░░░▄██
███▄░░░░▄█▄▄▄▄▄████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
█████████
▀████████
░░▀██████
░░░░▀████
░░░░░░███
▄░░░░░███
▀█▄▄▄████
░░▀▀█████
▀▀▀▀▀▀▀▀▀
█████████
░░░▀▀████
██▄▄▀░███
█░░█▄░░██
░████▀▀██
█░░█▀░░██
██▀▀▄░███
░░░▄▄████
▀▀▀▀▀▀▀▀▀
||.
|
▄▄████▄▄
▀█▀
▄▀▀▄▀█▀
▄░░▄█░██░█▄░░▄
█░▄█░▀█▄▄█▀░█▄░█
▀▄░███▄▄▄▄███░▄▀
▀▀█░░░▄▄▄▄░░░█▀▀
░░██████░░█
█░░░░▀▀░░░░█
▀▄▀▄▀▄▀▄▀▄
▄░█████▀▀█████░▄
▄███████░██░███████▄
▀▀██████▄▄██████▀▀
▀▀████████▀▀
.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
░▀▄░▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄░▄▀
███▀▄▀█████████████████▀▄▀
█████▀▄░▄▄▄▄▄███░▄▄▄▄▄▄▀
███████▀▄▀██████░█▄▄▄▄▄▄▄▄
█████████▀▄▄░███▄▄▄▄▄▄░▄▀
███████████░███████▀▄▀
███████████░██▀▄▄▄▄▀
███████████░▀▄▀
████████████▄▀
███████████
▄▄███████▄▄
▄████▀▀▀▀▀▀▀████▄
▄███▀▄▄███████▄▄▀███▄
▄██▀▄█▀▀▀█████▀▀▀█▄▀██▄
▄██▀▄███░░░▀████░███▄▀██▄
███░████░░░░░▀██░████░███
███░████░█▄░░░░▀░████░███
███░████░███▄░░░░████░███
▀██▄▀███░█████▄░░███▀▄██▀
▀██▄▀█▄▄▄██████▄██▀▄██▀
▀███▄▀▀███████▀▀▄███▀
▀████▄▄▄▄▄▄▄████▀
▀▀███████▀▀
OFFICIAL PARTNERSHIP
SOUTHAMPTON FC
FAZE CLAN
SSC NAPOLI
acroman08
Legendary
*
Online Online

Activity: 2506
Merit: 1112



View Profile
November 13, 2023, 01:23:01 PM
 #13

seeing the news that was posted here in the forum about the Swedish couple who was tortured by criminals in order to get access to their Bitcoin assets makes this incident a lot scarier.

Also, considering that the company behind everything went bankrupt, is it possible that they (or one of their employees) actually sold that database?
it's possible, I mean it is not the first time a company has sold their user's sensitive data to get money from it.

▄▄███████▄▄
▄██████████████▄
▄██████████████████▄
▄████▀▀▀▀███▀▀▀▀█████▄
▄█████████████▄█▀████▄
███████████▄███████████
██████████▄█▀███████████
██████████▀████████████
▀█████▄█▀█████████████▀
▀████▄▄▄▄███▄▄▄▄████▀
▀██████████████████▀
▀███████████████▀
▀▀███████▀▀
.
 MΞTAWIN  THE FIRST WEB3 CASINO   
.
.. PLAY NOW ..
EluguHcman
Sr. Member
****
Offline Offline

Activity: 504
Merit: 254



View Profile WWW
February 18, 2024, 08:00:45 PM
 #14

The context is that of users of Coin Cloud Bitcoin ATM users in USA and Brazil. Though the company file for bankruptcy in February 2023, and I believe that all their Bitcoin ATM network is now non-operational, somewhere along the line hackers claim to have managed to make away with a bunch of very concerning personal data for something like 300.000 customers, alongside some 70.000 selfies provided at the ATMs themselves. The hackers are sharing their claims in private channels.
I don't have technical knowledge about this but with related experiences I have heard about hackers penetrating persons banks account through the ATM machines that retains the ATMs operators informations even after the ATM cards are ejected out from the machines.
I think they have a hardware device which is slotted in a Port of the ATM machines and reconfigures the machines programs and then they takes over the ATM machines language commands restoring the details of the previous ATM users.
I think I would blame the scientific technology of the ATMs operating system that stores informations of users in the machines else I don't think if this individual documents could be so easily comprised without obtaining the hardware device (ATM card). Hence I would suggest that the file that detects and stores this operators users of the ATMs should be abolished if possible to manage illegal intrudement of these hackers.
My little thoughts though!

quote author=DdmrDdmr link=topic=5473882.msg63149547#msg63149547 date=1699868170]
Specifically, the stolen information seems to be:
Quote
<…>  Social Security Number, Date of Birth, First Name, Last Name, e-mail address, Telephone Number, Current Occupation, Physical Address, and more. <…>
Most times, some of our personal full details should be kept private even though they are not secret keys because there would always be a way for compromise.
We are in the era of an advanced technology where impossibilities could be possible but at least, taken concious measures should be a paramount.











██
██
██████
R


▀▀██████▄▄
████████████████
▀█████▀▀▀█████
████████▌███▐████
▄█████▄▄▄█████
████████████████
▄▄██████▀▀
LLBIT
██████
██
██
██████
██
██
██
██
██
██
██
██
██
██
██
██████
██████████████
 
 TH#1 SOLANA CASINO 
██████████████
██████
██
██
██
██
██
██
██
██
██
██
██
██████
████████████▄
▀▀██████▀▀███
██▄▄▀▀▄▄████
████████████
██████████
███▀████████
▄▄█████████
████████████
████████████
████████████
████████████
█████████████
████████████▀
████████████▄
▀▀▀▀▀▀▀██████
████████████
███████████
██▄█████████
████▄███████
████████████
█░▀▀████████
▀▀██████████
█████▄█████
████▀▄▀████
▄▄▄▄▄▄▄██████
████████████▀
[
[
5,000+
GAMES
INSTANT
WITHDRAWALS
][
][
HUGE
   REWARDS   
VIP
PROGRAM
]
]
████
██
██
██
██
██
██
██
██
██
██
██
████
████████████████████████████████████████████████
 
PLAY NOW
 

████████████████████████████████████████████████
████
██
██
██
██
██
██
██
██
██
██
██
████
Casdinyard
Hero Member
*****
Offline Offline

Activity: 2184
Merit: 891


Leading Crypto Sports Betting and Casino Platform


View Profile
February 18, 2024, 10:01:22 PM
 #15

The context is that of users of Coin Cloud Bitcoin ATM users in USA and Brazil. Though the company file for bankruptcy in February 2023, and I believe that all their Bitcoin ATM network is now non-operational, somewhere along the line hackers claim to have managed to make away with a bunch of very concerning personal data for something like 300.000 customers, alongside some 70.000 selfies provided at the ATMs themselves. The hackers are sharing their claims in private channels.

Specifically, the stolen information seems to be:
Quote
<…>  Social Security Number, Date of Birth, First Name, Last Name, e-mail address, Telephone Number, Current Occupation, Physical Address, and more. <…>




Once more, KYC sensible data has been (potentially) filtered at a very dangerous level, including information of user’s home addresses and complete names. Though not mentioned, one wonders if linked addresses and/or TXs may also form part of the breach, which would only worsen the situation by providing some tenancy information on top of the above (this is my speculation, not information cited in the below referenced sources).

See:
https://cointelegraph.com/news/coin-cloud-data-hack-united-states-brazil
https://twitter.com/vxunderground/status/1723749038057574425

Fuck. The very moment that you put you guard down and actually try out a bitcoin ATM, you subject yourself to risks of not only having your bitcoins stolen, but also getting your identity stolen at the same damn time. Since Coin Cloud's not operational anymore, who's gonna be responsible for the recompense that these 300k users will have to receive given the fact that their important info just got into the wrong hands.

As someone who personally experienced a similar situation as these poor folks (I got my PC contracted with a malware who not only stole my wallet's contents, but also stole important files on my harddrive and even went so far as to use my PC as an ethereum miner), what I would highly suggest they do is immediately get to the police to file a formal complaint even if the details on how to get the perpetrators apprehended are a little cloudy at the moment. The thing is that the police and justice units must know about this first and deem this as a major threat to mobilize their units and have them get to the bottom of this whole situation. Plus it's not that hard to imagine these hackers being in the same state or perhaps country as the victims considering that they only attacked a singular brand of ATM, which means investigation could go smooth and safe for the users who just got their information leaked.

While investigation is carrying on they need to secure their information by making sure that all their emails, if unable to be deleted, have their passwords changed and their 2FA activated. Their mobile numbers must also be changed, these are the most important things one should do soon as they find out they are exploited for the information they can provide.

..Stake.com..   ▄████████████████████████████████████▄
   ██ ▄▄▄▄▄▄▄▄▄▄            ▄▄▄▄▄▄▄▄▄▄ ██  ▄████▄
   ██ ▀▀▀▀▀▀▀▀▀▀ ██████████ ▀▀▀▀▀▀▀▀▀▀ ██  ██████
   ██ ██████████ ██      ██ ██████████ ██   ▀██▀
   ██ ██      ██ ██████  ██ ██      ██ ██    ██
   ██ ██████  ██ █████  ███ ██████  ██ ████▄ ██
   ██ █████  ███ ████  ████ █████  ███ ████████
   ██ ████  ████ ██████████ ████  ████ ████▀
   ██ ██████████ ▄▄▄▄▄▄▄▄▄▄ ██████████ ██
   ██            ▀▀▀▀▀▀▀▀▀▀            ██ 
   ▀█████████▀ ▄████████████▄ ▀█████████▀
  ▄▄▄▄▄▄▄▄▄▄▄▄███  ██  ██  ███▄▄▄▄▄▄▄▄▄▄▄▄
 ██████████████████████████████████████████
▄▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄
█  ▄▀▄             █▀▀█▀▄▄
█  █▀█             █  ▐  ▐▌
█       ▄██▄       █  ▌  █
█     ▄██████▄     █  ▌ ▐▌
█    ██████████    █ ▐  █
█   ▐██████████▌   █ ▐ ▐▌
█    ▀▀██████▀▀    █ ▌ █
█     ▄▄▄██▄▄▄     █ ▌▐▌
█                  █▐ █
█                  █▐▐▌
█                  █▐█
▀▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▀█
▄▄█████████▄▄
▄██▀▀▀▀█████▀▀▀▀██▄
▄█▀       ▐█▌       ▀█▄
██         ▐█▌         ██
████▄     ▄█████▄     ▄████
████████▄███████████▄████████
███▀    █████████████    ▀███
██       ███████████       ██
▀█▄       █████████       ▄█▀
▀█▄    ▄██▀▀▀▀▀▀▀██▄  ▄▄▄█▀
▀███████         ███████▀
▀█████▄       ▄█████▀
▀▀▀███▄▄▄███▀▀▀
..PLAY NOW..
AmoreJaz
Legendary
*
Offline Offline

Activity: 3276
Merit: 1104


Leading Crypto Sports Betting & Casino Platform


View Profile
February 18, 2024, 10:48:47 PM
 #16

seeing the news that was posted here in the forum about the Swedish couple who was tortured by criminals in order to get access to their Bitcoin assets makes this incident a lot scarier.

Also, considering that the company behind everything went bankrupt, is it possible that they (or one of their employees) actually sold that database?
it's possible, I mean it is not the first time a company has sold their user's sensitive data to get money from it.

inside job is also very possible in this case. for those users affected, better change other details that they think can b compromised. be cautious also for something that they will receive via emails claiming they need to log in or access any website to recover their lost keys or something. scammers will always find a way how to take the bait to their potential victims.

..Stake.com..   ▄████████████████████████████████████▄
   ██ ▄▄▄▄▄▄▄▄▄▄            ▄▄▄▄▄▄▄▄▄▄ ██  ▄████▄
   ██ ▀▀▀▀▀▀▀▀▀▀ ██████████ ▀▀▀▀▀▀▀▀▀▀ ██  ██████
   ██ ██████████ ██      ██ ██████████ ██   ▀██▀
   ██ ██      ██ ██████  ██ ██      ██ ██    ██
   ██ ██████  ██ █████  ███ ██████  ██ ████▄ ██
   ██ █████  ███ ████  ████ █████  ███ ████████
   ██ ████  ████ ██████████ ████  ████ ████▀
   ██ ██████████ ▄▄▄▄▄▄▄▄▄▄ ██████████ ██
   ██            ▀▀▀▀▀▀▀▀▀▀            ██ 
   ▀█████████▀ ▄████████████▄ ▀█████████▀
  ▄▄▄▄▄▄▄▄▄▄▄▄███  ██  ██  ███▄▄▄▄▄▄▄▄▄▄▄▄
 ██████████████████████████████████████████
▄▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄
█  ▄▀▄             █▀▀█▀▄▄
█  █▀█             █  ▐  ▐▌
█       ▄██▄       █  ▌  █
█     ▄██████▄     █  ▌ ▐▌
█    ██████████    █ ▐  █
█   ▐██████████▌   █ ▐ ▐▌
█    ▀▀██████▀▀    █ ▌ █
█     ▄▄▄██▄▄▄     █ ▌▐▌
█                  █▐ █
█                  █▐▐▌
█                  █▐█
▀▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▀█
▄▄█████████▄▄
▄██▀▀▀▀█████▀▀▀▀██▄
▄█▀       ▐█▌       ▀█▄
██         ▐█▌         ██
████▄     ▄█████▄     ▄████
████████▄███████████▄████████
███▀    █████████████    ▀███
██       ███████████       ██
▀█▄       █████████       ▄█▀
▀█▄    ▄██▀▀▀▀▀▀▀██▄  ▄▄▄█▀
▀███████         ███████▀
▀█████▄       ▄█████▀
▀▀▀███▄▄▄███▀▀▀
..PLAY NOW..
Assface16678
Full Member
***
Offline Offline

Activity: 1484
Merit: 136


★Bitvest.io★ Play Plinko or Invest!


View Profile
February 18, 2024, 11:15:00 PM
 #17

seeing the news that was posted here in the forum about the Swedish couple who was tortured by criminals in order to get access to their Bitcoin assets makes this incident a lot scarier.

Also, considering that the company behind everything went bankrupt, is it possible that they (or one of their employees) actually sold that database?
it's possible, I mean it is not the first time a company has sold their user's sensitive data to get money from it.

inside job is also very possible in this case. for those users affected, better change other details that they think can b compromised. be cautious also for something that they will receive via emails claiming they need to log in or access any website to recover their lost keys or something. scammers will always find a way how to take the bait to their potential victims.
True, this could be done by someone with access to the database of the said ATM or bank, because as a developer in database management, I can say that the sample information is in database format, or it is usually the structure of a row of data in a database, and it is alarming because if someone really releases it or gives it to hackers, then hackers could take advantage of this information as the information is crucial and vital. This should be actioned by the bank owner, or else they will be charged with heavy cases, and for those customers, better change the password or information of your account that is in that ATM, or else there will be inconvenience and, at worst, hackers might get something from you. I hope not all information is being extracted from the database, or else it will be doom for those users.

adaseb
Legendary
*
Offline Offline

Activity: 3878
Merit: 1733


View Profile
February 19, 2024, 05:20:18 AM
 #18

I don’t understand why people use a bitcoin atm which requires KYC which a CEX also requires but is much more secure. And the fees are much much cheaper. Most exchanges you trade at 0.15-0.25% while a bitcoin atm is like 10%. Add in the fact that you need to KYC, I don’t see the point. Maybe it’s due to speed.

And yes all the bitcoin atms have a camera, and I am pretty sure it always records not only for the selfie image verification. This has been present in most bitcoin atms including the early ones.
Kakmakr
Legendary
*
Offline Offline

Activity: 3542
Merit: 1965

Leading Crypto Sports Betting & Casino Platform


View Profile
February 19, 2024, 05:25:58 AM
 #19

Well, the selfie in it self might not be an issue, if the scribbling on the poster, refer to the service that it was used for.

I always add the name of the service, where I use the photo or documents, so that it can be traced back to the origin of the leak.  Wink

When I make a certified copy of the original, I write the name of the service for which it is used... on top of it.

..Stake.com..   ▄████████████████████████████████████▄
   ██ ▄▄▄▄▄▄▄▄▄▄            ▄▄▄▄▄▄▄▄▄▄ ██  ▄████▄
   ██ ▀▀▀▀▀▀▀▀▀▀ ██████████ ▀▀▀▀▀▀▀▀▀▀ ██  ██████
   ██ ██████████ ██      ██ ██████████ ██   ▀██▀
   ██ ██      ██ ██████  ██ ██      ██ ██    ██
   ██ ██████  ██ █████  ███ ██████  ██ ████▄ ██
   ██ █████  ███ ████  ████ █████  ███ ████████
   ██ ████  ████ ██████████ ████  ████ ████▀
   ██ ██████████ ▄▄▄▄▄▄▄▄▄▄ ██████████ ██
   ██            ▀▀▀▀▀▀▀▀▀▀            ██ 
   ▀█████████▀ ▄████████████▄ ▀█████████▀
  ▄▄▄▄▄▄▄▄▄▄▄▄███  ██  ██  ███▄▄▄▄▄▄▄▄▄▄▄▄
 ██████████████████████████████████████████
▄▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄
█  ▄▀▄             █▀▀█▀▄▄
█  █▀█             █  ▐  ▐▌
█       ▄██▄       █  ▌  █
█     ▄██████▄     █  ▌ ▐▌
█    ██████████    █ ▐  █
█   ▐██████████▌   █ ▐ ▐▌
█    ▀▀██████▀▀    █ ▌ █
█     ▄▄▄██▄▄▄     █ ▌▐▌
█                  █▐ █
█                  █▐▐▌
█                  █▐█
▀▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▀█
▄▄█████████▄▄
▄██▀▀▀▀█████▀▀▀▀██▄
▄█▀       ▐█▌       ▀█▄
██         ▐█▌         ██
████▄     ▄█████▄     ▄████
████████▄███████████▄████████
███▀    █████████████    ▀███
██       ███████████       ██
▀█▄       █████████       ▄█▀
▀█▄    ▄██▀▀▀▀▀▀▀██▄  ▄▄▄█▀
▀███████         ███████▀
▀█████▄       ▄█████▀
▀▀▀███▄▄▄███▀▀▀
..PLAY NOW..
CODE200
Sr. Member
****
Offline Offline

Activity: 1484
Merit: 323


View Profile
February 19, 2024, 05:30:48 AM
 #20

This is why I always wear a face mask whenever I go to the ATM or maybe even just let my parents use their own cards to get the money that I've transferred to their account, that way I don't have any interaction and even if my data is compromised, my face isn't the one posted. Has anyone presented or raised a bid to buy those data already? I assume that with all the information that was compromised, the price for the list is bound to be a lot of money. Man, with this kind of thing happening, KYC is becoming less and less attractive to me because I do consider that KYC can help with the AML policies surrounding cryptospace but at the same time, when things like this happen all the time, I just don't think that it's a good idea to advocate for it anymore.
Pages: [1] 2 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!