A real data leak?
In his publication, the hacker claims to have the names, addresses, emails and telephone numbers of users. However, according to his words, he would not have passwords :
Screenshot of the hacker publication – Source: Under the Breach
In total, it would be close to 66,700 users who would have been affected by this data leak. According to Under the Breach, the hacker would have achieved this result by exploiting a flaw in the e-commerce platform Shopify.
Faced with these truly disturbing allegations, the companies concerned quickly reacted on Twitter. Ledger notably claimed that the hacked database would have no correspondence with their real database:
Rumors pretend our Shopify database has been hacked through a Shopify exploit. Our ecommerce team is currently checking these allegations by analyzing the so-called hacked db, and so far it doesn’t match our real db. We continue investigations and are taking the matter seriously.
– Ledger (@Ledger) May 24, 2020
“ There are rumors that our Shopify database has been hacked due to the exploitation of a Shopify vulnerability. Our e-commerce team is currently verifying these allegations by analyzing the so-called hacked database, and so far it does not correspond to our real database. We are continuing the investigations and are taking the matter seriously. ”
For its part, Trezor claims that its online store does not use Shopify and that therefore the exploitation of said flaw would not affect it:
There are rumors spreading that our eshop database has been hacked thru a Shopify exploit. Our eshop does not use Shopify, but we are nonetheless investigating the situation. We’ve been also routinely purging old customer records from the database to minimize the possible impact.
– Trezor (@Trezor) May 24, 2020
“ Rumors are spreading that our e-shop database has been hacked by exploiting a flaw in Shopify. Our eShop does not use Shopify, but we are nevertheless investigating the situation. We have also systematically purged old client files from the database in order to minimize any impact. ”
At the time of this writing, ShapeShift, the company that owns KeepKey, did not comment on the hacker’s claims.
👉 On the same theme: 1.4 million GateHub accounts leaked
Other platforms and companies involved
In addition to the probable leak of this data, the hacker would also have in his possession information from users of other platforms.
Indeed, according to another screenshot shared by Under the Breach, the hacker is allegedly the same person as the one who attacked the forum Ethereum.org in 2016.
Among many other platforms, we would also find user data from:
- BnkToTheFuture – 34,500 users: a platform for investing in FinTech, blockchain and crypto companies
- Bitbond – 27,400 users : a platform specializing in the issue, settlement and custody of bonds using the blockchain
- Augur – 3,900 users : a decentralized network allowing online bets with cryptocurrencies
- Korbit – 4,500 users : a South Korean exchange
Although the hacker’s allegations seem particularly disturbing, the veracity of his words has not yet been verified. In doubt, don’t hesitate to change your password on the aforementioned platforms even if the hacker specifies not to hold it.
To follow the progress of the data leak, we will keep you informed on Twitter, @cryptoastblog.
👉 To read on the same subject: DeFi: hackers exploit a vulnerability of dForce and drain $ 25M
Receive a summary of crypto news every Sunday 👌 And that’s it.
From Clément Wardzala: Source link