Byte Federal, one of the largest bitcoin ATM operators in the US, has had tens of thousands of its customers exposed, revealing anything from phone numbers to selfies.
Nearly 60,000 Byte Federal customers have received data breach notices regarding the situation. They were informed that attackers had exploited a software flaw in GitLab to access one of the company’s servers. Many organizations rely on GitLab for developers to manage code and software development workflows.
Information that the company submitted to the Maine Attorney General indicates the attack occurred on September 30th, 2024, with Byte Federal discovering the issue on November 18th. While the crypto ATM operator claims that no user funds or assets were compromised, the exploit allowed attackers to access vast amount of personal and sensitive data including:
- Names
- Birth dates
- Addresses
- Phone numbers
- Email addresses
- Government-issued IDs
- Social Security numbers
- Transaction activity
- Photographs of users
“However, we have no evidence at this time that any of your personal information was actually compromised or misused in any manner,” Byte Federal said.
Attackers could utilize stolen details for malicious purposes, for example, to conduct sophisticated identity theft operations, try to create new credit accounts, and take out loans. Additionally, leaked transaction data could reveal users’ crypto holdings, making them prime targets for phishing attacks and theft attempts.
Since attackers managed to access user photographs, they could attempt to complete Know Your Customer (KYC) verification steps, in essence impersonating users to set up new crypto accounts, a treasured possession among cybercrooks.
The company explained that the compromised server was immediately shut down after discovering the issue. Additionally, a hard reset on all user accounts was carried out, with the company’s internal passwords, password management systems as well as tokens and keys updated.
“If you have not reset your login credentials for access to Byte Federal services, please do so now,” the bitcoin cash point operator said.
Headquartered in Venice, Florida, Byte Federal operates over 1,300 bitcoin ATMs across the US, making it among the largest in the country. According to data from CoinATMRadar, the largest crypto ATM operator in the US is Bitcoin Depot with 8,100 terminals.
Byte Federal is hardly the first crypto cash point operator whose users have had their data exposed. Last year, CoinFlip, a bitcoin ATM operator and owner of the financial services app Olliv, fell victim to a hacker attack that exposed over 36,000 of its clients.
Your email address will not be published. Required fields are markedmarked