A seller on Raidforum, a marketplace for purchasing and selling stolen information, is claiming to have data from millions of Paxful customers.
Paxful global cryptocurrency trading platform has reported the incident.
The member with username “mafufi” on Raidforum recently posted a sale of data that contains millions of Paxful customers on the marketplace.
The seller posted the listing at around 2AM Eastern time today this morning and asked for 1 BTC (about $58,000) for the sale of the entire database. “Mafufi” claimed to have a database including first name, last name, date of birth, address, gender, phone number, email and password of 4.8 million Paxful customers and employees.
But it seems that the data for sale does not actually exist. Paxful CEO Ray Youssef tweeted to address concerns associated with the user data: “1 btc for millions of users? We get this leak spam all the time. Always fake. No user data leaked. However still confirming if some employee data was leaked from 3rd party payroll site. Stay tuned. All identities safu!”
It appears that Youssef’s account is correct. Potential buyers of the allegedly stolen data were not willing to pay because Paxful had not reported a breach. Raidforum administrators are reported to have tagged the sale as suspicious.
Paxful has said that the data was obtained illegally from a third-party supplier that the crypto trading platform used previously. The platform terminated that contract in September 2020.
Meanwhile, the incident has caused an uproar on Twitter, with users worried that this was further evidence that anti-money laundering and know-your-customer regulations, which require crypto exchanges to collect data, leave customer information exposed.
Companies Becoming Regular Victims
Various big firms have been the victims of recent cyberattacks, which has resulted in the theft of a huge quantity of customers’ personal information. In May last year, cybersecurity company “Under The Breach” revealed that customers who bought products using Shopify multinational e-commerce company and purchased items from crypto firms like Ledger, Bnktothefuture, Trezor, and KeepKey, could have had their data leaked.
The cybersecurity firm tweeted screenshots from a hacker trying to sell stolen data from Bnktothefuture, Trezor, Ledger, and KeepKey users.
Data breaches are a real problem facing companies, which are said to be ill-prepared to cybersecurity threats. Early last year, hackers breached five US law firms and encrypted their data, thus forcing each firm to pay 100 BTC (amount $918,500 during that time) to restore their data access. Last year was not only marked by several ransoms demanding cryptocurrencies as payments but also by crypto scams.
Image source: Shutterstock