An unidentified hacking group has purportedly claimed responsibility for a significant security breach targeting Coin Cloud, a Bitcoin ATM operator that once boasted over 4,000 machines in the U.S. and Brazil before filing for bankruptcy in February 2023.
The group asserts to have stolen 70,000 customer selfies and sensitive personal information for approximately 300,000 customers, along with the source code for Coin Cloud’s backend system.
The cybersecurity expert vx-underground brought attention to the breach through a post on X, disclosing that the hacking group is asserting its actions in private channels. Redacted images accompanying the post are said to depict customer selfies and personal identifying information, including names, addresses, Social Security numbers, dates of birth, occupations, phone numbers, and more.
The gravity of the situation is compounded by the hackers’ claim to have stolen the entire source code of Coin Cloud’s backend system. This source code is crucial for powering the cryptocurrency ATMs and underlies the company’s operations.
The threat actors are said to be sharing these claims in private channels, and there are concerns that the leaked database may be posted online soon. Coin Cloud has not yet provided a public comment on the reported breach.
The compromised data poses a significant risk to affected individuals in the United States and Brazil, exposing them to potential identity theft and various cybercrimes. Furthermore, the theft of Coin Cloud’s source code raises concerns about the potential misuse and exploitation of the company’s proprietary technology, which could compromise the security of its users.
The tumultuous journey for Coin Cloud, a Bitcoin ATM firm, takes another