FTX Crypto Exchange Suspends Claims Portal Access After Kroll Data Breach

FTX, a bankrupt cryptocurrency exchange, has announced the temporary suspension of impacted user access to its claims portal. This decision comes in the wake of a cybersecurity breach at Kroll, a firm overseeing FTX’s ongoing bankruptcy proceedings as the appointed claims and noticing agent.

The announcement, made on the social media platform X (formerly known as Twitter), underscores FTX’s proactive approach to safeguarding its users and assets. The breach at Kroll led to the exposure of non-sensitive data of claimants involved in the bankruptcy case. In response to potential concerns, FTX has issued a strong advisory to its users. “Users are strongly cautioned against making alterations to their claims or the accepted schedules in light of the incident,” the exchange stated.

Despite the unsettling circumstances surrounding the breach, FTX remains confident in the security of its infrastructure. The exchange has gone on record to assure its user base that “the security of account passwords, internal systems, and financial assets remains uncompromised.”

Kroll, on its part, has taken the initiative to reach out to affected individuals. The firm is actively advising them on precautionary measures to ensure self-protection against potential threats.

However, the situation has taken a concerning turn. ZachXBT, a renowned blockchain analyst, has reported the emergence of phishing emails targeting FTX customers. This development hints at a potential compromise of personal data, raising alarms within the crypto community.

Image source: Shutterstock


Tagged : / / / / /

MetaMask Users Email Addresses Exposed in Cybersecurity Incident

MetaMask, the popular Ethereum wallet, recently experienced a cybersecurity incident that exposed the email addresses of some of its users who submitted a customer support ticket between August 1, 2021, and February 10, 2023. Parent company ConsenSys released a blog post on April 14, 2023, which disclosed the details of the incident.

According to the post, unauthorized actors gained access to a third-party computer system that was used to process customer service requests. This allowed them to potentially view customer support tickets submitted by MetaMask users. While the tickets did not ask for information other than what was necessary to help the user, they did include a free text field that some users may have used to submit personally identifying information. This may have included economic or financial information, name, surname, date of birth, phone number, and postal address.

ConsenSys emphasized that it does not ask for personally identifying information in customer conversations, but some users may have provided it anyway. The breach may have affected up to 7,000 MetaMask users who submitted customer support tickets during the affected timeframe.

As a response to the incident, hardware wallet provider Keystone warned MetaMask users that they might receive more phishing emails. The attacker may use this swiped email database to look for potential victims. Phishing is a scam that tricks a user into providing sensitive information to an attacker. It is often performed by sending an email to the victim that appears to be from a trusted party or someone the victim knows.

ConsenSys said it had taken steps to eliminate unauthorized access in the future. As a result, tickets submitted after February 10 should be unaffected by the incident. The company also contacted the Data Protection Commission of Ireland and the Information Commissioner’s Office of the United Kingdom to report the breach. Additionally, the company’s third-party customer service provider is working with a cybersecurity and forensics team to perform a more detailed investigation of the incident.

This is not the first time MetaMask has come under scrutiny from privacy advocates. In late 2022, the company revealed that it sometimes logged users’ IP addresses. However, it updated its app in March to give users more control over which providers could obtain this information.

The incident highlights the importance of cybersecurity in the cryptocurrency industry. Users should remain vigilant and take steps to protect their personal information, such as using strong and unique passwords and enabling two-factor authentication.


Tagged : / / / / /

Italy Blocks OpenAI ChatGPT Over Data Breach Concerns

Italy’s data protection agency has temporarily blocked OpenAI’s ChatGPT, an artificial intelligence chatbot, over suspected breaches of data privacy rules. The move comes in response to a recent data breach that the AI platform suffered on March 20. The Italian data watchdog has ordered the immediate limitation of data processing for Italian users by OpenAI, the United States company behind ChatGPT.

In addition to the data breach concerns, the Italian data watchdog has also cited the lack of information for users regarding data collected by OpenAI. The agency noted that there is a lack of legal basis that justifies the mass collection and storage of personal data by the AI as it trained its algorithms. Furthermore, the agency also determined that information given by the AI chatbot doesn’t always reflect real data and there may be inaccuracies in terms of processing personal data.

The Italian data watchdog also highlighted a potential breach of ChatGPT’s own data protection rules. According to the agency, even though ChatGPT limits its use to only people above 13 years old, there is no filter that verifies the user’s age within the application. This means that minors could be exposed to unsuitable content for their developing minds.

Apart from Italy, ChatGPT is also facing criticism and legal action from other parts of the world. The Center for Artificial Intelligence and Digital Policy (CAIDP) filed a complaint against ChatGPT on March 31, attempting to stop the release of powerful AI systems to the masses. The CAIDP described the chatbot as a “biased” and “deceptive” platform which is a risk to public safety and privacy.

ChatGPT, created by OpenAI, is an AI chatbot that uses natural language processing to generate human-like responses. It has gained widespread popularity due to its ability to simulate human-like conversations and generate responses that seem to be personalized to the user. However, this popularity has come with increasing concerns over data privacy and potential misuse of personal data.

OpenAI has stated that it is aware of the concerns raised by the Italian data protection agency and is working to address them. The company has stated that it is committed to protecting user privacy and ensuring that its AI systems are used ethically and responsibly. It has also noted that it is constantly working to improve its systems and address any potential issues or concerns.

In conclusion, the temporary block of ChatGPT in Italy and the legal action against it by the CAIDP highlight the growing concerns over the use of powerful AI systems and their potential impact on privacy and public safety. While AI chatbots like ChatGPT have the potential to revolutionize communication and customer service, it is important that they are used in a responsible and ethical manner, with proper safeguards in place to protect user privacy and prevent misuse of personal data.


Tagged : / / / / /

T-Mobile looking into potential hack of data on 100 million customers

U.S. telecom giant T-Mobile is looking into an alleged massive data breach that may have compromised more than 100 million users.

According to Vice’s Motherboard, T-Mobile is investigating an alleged data breach claimed by the author of the post on an underground forum. The Aug. 15 report says the hacker claims to have obtained data on more than 100 million customers from T-Mobile servers.

The seller is asking for 6 BTC — approximately $287,000 at current prices, in exchange for some of the data.

Motherboard has seen samples of the data which include social security numbers, phone numbers, names, physical addresses, unique IMEI numbers and driver license information.

The seller told the outlet that they are privately selling most of the data at the moment, but will hand over a subset of the data containing 30 million social security numbers and driver licenses for the BTC ransom.

Referring to T-Mobile’s alert and potential response to the breach, the hacker said “I think they already found out because we lost access to the backdoored servers.”

A T-Mobile spokesperson said that the company is “aware of claims made in an underground forum” and is “actively investigating their validity” adding: “We do not have any additional information to share at this time.”

Related: Ledger users threaten legal action after hacker dumps personal data

It is not the first time T-Mobile has been at the center of a cyber-security scandal. In February, the mobile carrier was sued by a victim who lost $450,000 in Bitcoin in a SIM-swap attack.

A SIM-swap attack occurs when the victim’s cell phone number is stolen. This can then be used to hijack the victim’s online financial and social media accounts by intercepting automated messages or phone calls that are used for two-factor authentication security measures.

In this case, the victim Calvin Cheng accused T-Mobile of failing to implement adequate security policies to prevent unauthorized access to its customers’ accounts.

T-Mobile was also sued in July 2020 by the CEO of a crypto firm over a series of SIM-swaps that resulted in the loss of $8.7 million worth of digital assets.

In April this year, hardware wallet manufacturer, Ledger, faced a class-action lawsuit regarding the major data breach that saw the personal data of 270,000 customers stolen between April and June 2020.


Tagged : / / / / /

Pro-Trump MAGACOIN crypto launch marred by website data breach

The launch of a cryptocurrency developed by Donald Trump supporters last week has been marred by a website data breach.

According to The Guardian, user information including IP addresses, email addresses and passwords were accessed via a poor security configuration on the project’s website.

The crypto is dubbed MAGACOIN after former President Trump’s “Make America Great Again” slogan. The project’s website claims that MAGACOIN was “created by America First Conservatives out of frustration with “Losing the Election” (the site has it in quotes) and “a desire to fight back by supporting MAGA candidates in 2022 and beyond” with profits from the coin.

An unnamed and self-described hacktivist told The Guardian that more than 1,000 people have signed up, including Republican figures and conservative media personalities, with the majority of hodlers having around 100 MAGACOIN.

The project’s creator, used car salesman Marc Zelinka, reportedly holds 2 million MAGACOIN, along with Reilly O’Neal, a pro-Trump consultant who is now operating the project.

Roughly 75 million MAGACOIN were created to represent the 75 million voters who were supposedly “disenfranchised on November 3rd, 2020” — the day of the U.S. election results in which Trump lost to Democrat Joe Biden. Trump supporters have since asserted without evidence that the election was rigged and have lost numerous court cases challenging the results.

The project is offering 100 MAGACOIN to anyone that signs up, and the hacktivist has claimed that the majority of users have that amount.

Some of the larger accounts are reportedly the result of marketing campaigns from the project, offering 1,000 MAGACOIN to media personalities, radio hosts, and grassroots groups in exchange for promoting the cryptocurrency.

An account holding 1,500 coins is associated with an email address of John Rush, the host of “Rush to Reason” on Denver’s KXL conservative talk station, along with a similar amount associated with Colorado Republican activist Evan Underwood, who is also the chair of the Colorado Federation of College Republicans.

Rush reportedly had the creator of the project, Marc Zelinka, on the show in a recent episode however Zelinka told the Guardian that “I don’t control it anymore” after he handed the reins over to prominent North Carolina-based political operative, Reilly O’Neal.

A super political action community (SuperPAC) is also tied to the project and called “MAGACOIN VICTORY FUND”, which has received a 10 million MAGACOIN donation to support “MAGA candidates across the country who will fight for individual rights, religious liberty, protecting the unborn, the 2nd amendment, freedom of speech and the entire America First Agenda.”

The SuperPAC’s mailing address is reportedly located at the same place several other firms and political groups operated by O’Neal.

Related:It’s fine’ to buy Bitcoin as gold substitute, says Trump ex-Treasury Secretary Mnuchin

Despite MAGACOIN being a pro-Trump project, it is yet to be seen what the former president thinks of the project as he is known for being anti-crypto. Trump stated last month that “Bitcoin, it just seems like a scam […] I don’t like it because it is another currency competing against the dollar.”


Tagged : / / / / / /

Breach at Indian exchange BuyUCoin allegedly exposes 325K users’ personal data

Users of Indian crypto exchange BuyUCoin have reportedly been affected by a breach compromising personal data of more than 325,000 people.

According to a report from Indian news outlet Inc42, a hacking group by the name of ShinyHunters leaked a database containing the names, phone numbers, email addresses, tax identification numbers and bank account details of more than 325,000 BuyUCoin users. However, a later report from Bleeping Computer shows the leaked data may only contain information from 161,487 BuyUCoin members.

Cybersecurity researcher Rajshekhar Rajaharia posted screenshots of the leaked data — recorded until September 2020 — to Twitter last week, which included trading activity and BuyUCoin referral codes.

BuyUCoin initially claimed that “not even a single customer was affected” by the data breach and referred to the reports as “rumors,” but has since released a statement saying it was “thoroughly investigating each and every aspect of the report about malicious and unlawful cybercrime activities by foreign entities.” The exchange added that all user funds were “safe and sound within a secure environment” as it reported 95% were kept in cold storage.

Though no funds have reportedly been affected in the breach of the exchange, there are still potential risks to BuyUCoin users. Like the exchange’s customers, Ledger users had their personal data compromised in a June and July 2020 data breach affecting 272,853 people who ordered hardware wallets. Some users have since reported receiving threatening emails with demands for a crypto ransom to be paid within 24 hours or they will face “horrifying” consequences.

While real world attacks to steal crypto are much rarer than hacks or scams, they do occur. Whether concerned for their data or their physical well being, some BuyUCoin users expressed their frustration with the reports of the breach.

“What if someone used my account in any illegal activity?” said Rajaharia — also a BuyUCoin user — in a follow-up tweet, calling the exchange’s initial response “irresponsible.”

Cointelegraph reached out to BuyUCoin CEO Shivam Thakral for comment, but did not receive a response at the time of publication.