More than 5,000 email addresses and other personal information obtained from Canadian crypto exchange Coinsquare may be used in SIM swapping attacks.
Hackers got their hands on personal data on users from Coinsquare’s database, and Vice’s Motherboard cites one of the hackers saying that “the original intent was to sell it [the data] but we figured we would make more money by SIM swapping the accounts.” These attacks include gathering personal information on a victim in a variety of ways, contacting the victim’s mobile phone provider, utilizing the gained data to convince the company to port the victim’s phone number to the attacker’s SIM, and thus taking over all messages and voice calls, including the one-time passwords. It’s not uncommon for one or more of these steps to be an inside job.
This hacker sent a version of the data stolen from Coinsquare to Motherboard, the article claims, which doesn’t seem to contain passwords, but does come with more than 5,000 rows of users’ email addresses, phone numbers, some physical addresses too, as well as a column titled “total $ funded first 6 months,” which Vice believes could represent the amount in dollars put into a user’s Coinsquare account in that period, and if Coinsquare marks the user as a “high value client.”
Motherboard then proceeded to verify the data: using random email addresses from the list they tried making Coinsquare accounts and they weren’t able to, suggesting the email is in use already, and they also contacted a number of people, with three confirming they are Coinsquare users, while two confirmed their phone numbers.
According to several Reddit posts, it would seem that the breach occurred sometimes in 2019, though a Twitter account ‘Coinsquare Breach’ suggests that it was a year earlier, in 2018. What they all have in common is the accusation against the exchange of not revealing the leak to the customers and the public.
More importantly, employees should not access sensitive user data as easily.
“Coinsquare said the data came not from a hack of its systems, but rather a now former employee stole the information.”
— ¥ves ฿ennaïm (@ZLOK) June 2, 2020
The hackers also confirmed to Motherboard what many of the users speculated in Reddit posts, that they “set out to embarrass the company for claiming they [were] the most secure Canadian exchange and obviously that is a lie.”
We contacted Coinsquare for comment and will update should they reply.
___
Learn more:
5 Ways to Reduce Risks for Customers in Case Bitcoin Exchange Fails
Crypto Researcher Warns Of a Growing ‘Existential’ Risk To Bitcoin