Coin Cloud, a defunct Bitcoin ATM provider, has reportedly become the target of a significant data breach. Unknown hackers have allegedly breached the company’s security infrastructure, compromising the personal information of more than 300,000 users and making off with the entire source code that underpins Coin Cloud’s operations.
The extent of the breach is alarming, with the attackers claiming unauthorized access to a considerable amount of sensitive customer data, including 70,000 customer selfies captured by the ATMs’ integrated cameras. Beyond the invasion of privacy, these images have exposed personally identifiable information (PII) for the affected users.
The stolen data encompasses a wide array of personal details, including social security numbers, dates of birth, names, email addresses, telephone numbers, occupations, physical addresses, and more. This breach has severe implications for users in both the United States and Brazil, leaving them vulnerable to potential identity theft and various cybercrimes.
Compounding the severity of the breach is the claim by threat actors that they have made off with the entire source code of Coin Cloud’s backend. This includes proprietary technology critical for the functioning of cryptocurrency ATMs and the overall operations of the company.
The theft of this intellectual property not only jeopardizes the security of Coin Cloud’s systems but also puts its users at risk of potential misuse and exploitation, given the in-depth understanding the hackers now possess of the company’s infrastructure.