In summary
- Byte Federal suffered a breach that exposed personal data of 58,000 customers due to an outdated GitLab system.
- The platform was temporarily closed and passwords reset to mitigate potential future risks.
- Forensic experts investigated the incident, highlighting flaws in server segmentation and credential management.
Major American Bitcoin ATM (BTM) company Byte Federal suffered a major data breach.
A Thursday filing with Maine’s attorney general shows that the Byte Federal breach allowed the attacker to access the personal data of 58,000 customers, including 111 Maine residents. The company noticed the attack on November 18, more than a month after it occurred on September 30.
Venket Naga, co-founder and CEO of security-focused data storage service Serenity, told Decrypt that the incident shows the dynamic nature of ever-expanding cybersecurity threats. According to him, companies in the crypto industry “must adopt adaptive frameworks that evolve with emerging risks, posing risks to both the physical and underlying infrastructure involved with Blockchain.”
Data from CoinATMRadar shows that Byte Federal operates 1,356 Bitcoin ATMs in the United States. This is equivalent to approximately 4.3% of all crypto ATMs in the country.
According to the report, the attack was a consequence of the exploitation of a third-party service. After detecting the incident a month later, Byte Federal decided to close its platform and assured users that no funds were lost.
A joint statement from crypto cybersecurity firm Hacken’s smart contract auditors Ataberk Yavuzer and Olesia Bilenka explains that the “incident occurred due to an unpatched or outdated GitLab system.” They added that “inappropriate server segmentation” could be what allowed attackers to access sensitive customer data.
“It is highly likely that the GitLab repositories contained sensitive credentials to access Byte Federal databases, including name, date of birth, address, phone number, email, government-issued ID, social security number, transaction activity and user photo information,” the auditors highlighted.
Despite the breach, the company said it found no evidence that customer data was actually misused or accessed. “However, we are taking precautionary measures to ensure the security of your data and help alleviate any concerns you may have,” reads the message sent to customers.
Byte Federal also noted that it is working with an independent cybersecurity team on a forensic investigation of the incident and could take legal action.
Byte Federal said it has applied a hard reset to all customer accounts and sent a notice about the incident. The company also changed its internal passwords, password management system, tokens and keys to prevent future breaches.
The company urged customers to reset their login credentials. It warned that users may be asked to verify their personal information—providing more sensitive data to a company that just experienced a potential data breach.
“The Byte Federal incident is another example of how forcing businesses to retain their customers’ data is the worst practice when it comes to their privacy,” an anonymous former Bitcoin ATM operator told Decrypt. They asked to withhold their identity because they chose to close their service rather than comply with know-your-customer rules.
“In the case of cryptocurrencies, these data breaches are even more dangerous for users because they associate their personal information with a specific type of financial activity, making them easy targets for theft and fraud,” added the former Bitcoin ATM operator.
Edited by Stacy Elliott.