- Defuncy crypto ATM company Coin Cloud has prevented a second hack within a year
- Hackers tried to steal the personal data of tens of thousands of former customers
- Coin Cloud suffered a major data breach last year, which saw 300,000 customers’ data stolen
Bankrupt crypto ATM operator Coin Cloud has prevented a second devastating hack in a year after someone tried to steal the personal data of 58,000 former customers. A filing with the Maine Attorney General reveals that Coin Cloud, which filed for bankruptcy in February 2023, suffered the breach on 30 September, informing customers just last week. In 2023, the sensitive personal information of about 300,000 customers across the United States and Brazil was stolen, including dates of birth and customer photographs.
Coin Cloud Prevents a Repeat
Coin Cloud filed for bankruptcy in February 2023 at the height of the crypto winter, a move which left security experts concerned about the personal data held on its servers. Their concerns were proved correct last November when cybersecurity collective vx-underground revealed that hackers had claimed to have stolen 70,000 pictures of customers taken from cameras embedded in the ATMs, as well as the personal data of 300,000 customers, including full names, email addresses, telephone numbers, physical addresses, Social Security numbers, and dates of birth.
In addition to personal data, the attackers claimed to have obtained the source code for Coin Cloud’s backend systems, potentially exposing the company’s internal operations and security mechanisms. Coin Cloud never publicly acknowledged how the hackers accessed their systems, leading to further concerns that a repeat could occur, which it very nearly did.
New Hack Targeted 58,000 Customers
The new hack took place in September, with Coin Cloud filing a notice with the Maine Attorney General on 18 November. It sent a letter to all those affected last week, in which it revealed that hackers “gained unauthorized access to one of our servers by exploiting a vulnerability in software provided by a third party.” According to contract auditors at crypto cybersecurity firm Hacken Ataberk Yavuzer and Olesia Bilenka, the incident occurred due to an “unpatched or outdated GitLab system,” adding that “inadequate server segmentation” could have allowed attackers to access sensitive customer data.
This time around, however, Coin Cloud managed to prevent more damage:
Upon discovery of the incident, our team immediately shut down our platform, isolated the bad actor, and secured the compromised server. We also made immediate enhancements to our systems, security, and practices.
Despite no data being stolen this time round, Coin Cloud is still advising customers to take the following steps:
- Monitor their financial accounts for any unusual activity
- Consider placing fraud alerts or credit freezes with major credit bureaus
- Be vigilant for phishing attempts or suspicious communications
- Consult with identity theft protection services for further assistance
This incident underscores the critical importance of robust cybersecurity measures, especially for companies handling sensitive personal and financial data. It also highlights the potential long-term risks associated with data breaches, as information can remain vulnerable even after a company’s operations have ceased.
