A dump of the Paxful P2P platform’s registered users and employees’ database has been posted for sale on an English-language dark net forum. The information is reported by the Telegram channel reports Telegram channel ‘Information Leaks’.
Paxful CEO Ray Youssef refuted reports of a data breach on the platform.
«All funds and users’ personal data are safe. No data breaches have occurred; our users were not affected. Long live Bitcoin. The data in their hands are old payroll records from a site we no longer use», he wrote on Twitter.
According to the seller, the dump contains more than 4.8 million records, current as of April 2021.
«As a sample, the unknown provided a dump from the Salarium cloud payroll management system for employees of salarium.com», – the channel’s authors write.
The breach contains full names, email addresses, hashed passwords, IP addresses and [simple_tooltip content=’a unique user profile based on hardware and software parameters, extensions and settings’]browser fingerprints[/simple_tooltip] of users. The seller also claims the dump includes addresses, phone numbers and dates of birth.
The data are being sold for 1 BTC (over $58,000 at the time of writing).
In response to ForkLog’s inquiries, Paxful’s chief communications officer Joe White said that user data had not been compromised, but the company is investigating the matter.
«The published data were obtained illegally from a third-party provider that Paxful previously used. They pertain to the company’s employees. We terminated the contract with this provider in September 2020», he added.
Earlier ForkLog reported that unknown parties put up for sale the database containing data of 500 million LinkedIn users. A service representative confirmed the existence of data collected from the platform, but assured that the information is publicly available, and the database includes data from multiple sites.
Subscribe to ForkLog news on Telegram: ForkLog Feed — all the news, ForkLog — the most important news, infographics and opinions.