Names, addresses and other private data has been leaked from the crypto lender
In a serious incident in the crypto world, cryptocurrency lending provider BlockFi reported a data breach that could have potentially leaked personal information about its customers. Apparently, this security breach could have given physical addresses and account activity information of its customers to hackers. According to what BlockFi reported on Tuesday, a breach through a SIM card swap attack was performed on one of its employees.
By successfully stealing the email account and phone number used for the employee’s account verification procedure, the attackers were allowed to access company’s records. SIM swapping attacks have been increasing lately, due to several vulnerabilities found in network operators; however, they also require a co-conspirator with access to the phone network’s equipment. The difference, in this case, is that this attack was made to one of the employees and, usually, in previously reported cases, the targets were clients themselves.
As soon as the attackers got ahold of the company’s records, they tried to allegedly withdraw customer’s funds directly, but none of the attempts was successful, according to what BlockFi reported. However, they did get access to customer data used for marketing efforts. BlockFi did stress that none of the information leaked was considered “non-public identification information,” which includes bank account numbers, passwords and social security numbers. The customer’s data that hackers obtained were full names, email addresses, dates of birth and even account activity information and physical addresses, which might put some customers in physical danger.
“Due to the nature of the information that was leaked, we do not believe there is any immediate risk to BlockFi clients or company funds,” wrote the company while confirming that there are no current threats to customer’s BlockFi funds. However, extortion and physical theft could be a potential threat.