Personal data of 300K users, provided at BTC ATMs, allegedly in hacker's hands

[Mate2237]

Wow! This is bad and once your date of birth , your phone your names and other KYC information are known by hackers then they would will use it to access your account. And mostly your phone number. If they have access to your phone number, the physical hardware then they would drain your account. Personally I was not thinking that BTC ATM can be hacked easily like that because I have not heard anything concerning on the Fiat ATM hacked since when I have started using banks. Because ATM is well protected so if ATM data is leaked then insider my be involved and given the information to the outsider to have access to database of the ATM.

Hackers are upgrading their methods to attack new technologies every day. So we should be careful with our information in the public domain. Now we have seen this and we don't know which is next. Well we have not gotten Bitcoin ATM in our region or area so most of us don't know how it operate.

[Luzin]

What makes a Bitcoin ATM company service request detailed data such as professions, physical addresses, social security numbers, and other data from the company, such as ATM transactions worth $100 to $5,000? Through this, Basic KYC, such as full name or passport photo, is sufficient, especially since the amount is less what requests by anti-money laundering services, which may request data such as the nature of income, position, and physical address.

Was this purely hacked or was it deliberately sold by a bankrupt ATM service owner? Quite surprised by this condition, but luckily I have never used crypto ATM services because there is no one in my country.
A few days ago I had written about the decline of crypto ATMs in the world. There are also new regulations in the United States in the state of California regarding transaction restrictions. The California government took the step because of the widespread use of crime through crypto ATMs. I hope this incident makes Crypto ATM manufacturers increase security if they want to stay afloat. This condition certainly aggravates the situation.

[DaveF]

From here: https://techcrunch.com/2023/12/12/bitcoin-atm-company-coin-cloud-got-hacked/

“The data breach happened a while ago as Coin Cloud has been hacked multiple times in the past when they were still an operating company,” said Barnard. “I believe that data is just now being ransomed. It’s impossible to say [when] as there were little controls throughout the software development process and multiple international contractors had access to source code that contained secrets within it to access the [database],” Barnard said in an email.

Could have been an inside job before they went bankrupt, could have been an inside job with one of the aquisations by someone who felt they did not get when they were entitlted to, could have been a hack.

I have used BATMs a few times, never needed to give my SSN. Makes you wonder how much BTC / $ those people were moving through the machines that they needed that kind of KYC. For the most part a drivers license or similar is all that was asked for.

-Dave

[Zlantann]

Although the original post is more than three months old I find it very interesting. It is also timely because we have a current thread in the forum about a member who said he used a Bitcoin ATM and he said he was excited. From this news you don't have to be excited, you should be scared because you just gave out your data cheaply to third parties. It also amazes me why people use Bitcoin ATMs where they can easily use decentralized exchanges.

I am afraid that these people will now become targets of criminals because many people think that anyone who owns Bitcoin is rich. This is a reminder that third parties are not to be trusted with personal information. Maybe they were asked to take pictures in the ATM as part of their KYC or were they just selfies out of the excitement of using a Bitcoin ATM?