A seller on Raidforum, a marketplace for buying and selling stolen information, claims to have data from millions of Paxful customers.
Paxful has global cryptocurrency trading platform reported the incident.
The raid forum member with the username “mafufi” recently posted a sale of data that includes millions of Paxful customers in the market.
The seller posted the listing around 2:00 a.m. East Coast time this morning and asked for 1:00 p.m. BTC (approximately $ 58,000) for selling the entire database. “Mafufi” said it had a database of first name, last name, date of birth, address, gender, phone number, email address and password of 4.8 million Paxful customers and employees.
However, it appears that the data for sale is actually absent. Paxful CEO Ray Youssef tweeted to address User Data Concerns: “1 BTC for Millions of Users? We’re getting this leak spam all the time. Always fake. No user data has been leaked. However, it continues to confirm whether some employee data has been leaked from a third party payroll page. Remain You up to date. All identities safe! “
It appears that Youssef’s account is correct. Potential buyers of the allegedly stolen data were unwilling to pay because Paxful had not reported a breach. Raidforum administrators are said to have marked the sale as suspicious.
Paxful has announced that the data was illegally obtained from a third party that the crypto trading platform had previously used. The platform terminated this contract in September 2020.
Meanwhile, the incident has caused a stir on Twitter. Users fear that this is further evidence that the Anti-Money Laundering and Knowing Your Customers Regulations, which require a crypto exchange to collect data, are exposing customer information.
Corporations become regular victims
Various large companies have been victims of the recent cyberattacks, which have resulted in the theft of large amounts of customer personal data. In May of last year, cybersecurity firm Under The Breach announced that customers who bought products through multinational e-commerce company Shopify and items from crypto companies such as had bought Ledger, Bnktothefuture, Trezor and KeepKey could have their data leaked.
The cybersecurity firm tweeted screenshots of a hacker trying to sell stolen data from users of Bnktothefuture, Trezor, Ledger, and KeepKey.
Data breaches are a real problem for companies that are allegedly ill-prepared for cybersecurity threats. Early last year, hackers breached five U.S. law firms and encrypted their data, forcing each law firm to pay 100 BTC ($ 918,500 during that time) to restore their data access. The past year was marked not only by several ransom money demanding cryptocurrencies as a means of payment, but also by crypto fraud.
Image source: Shutterstock