An unknown hacker group claimed to have stolen 70,000 selfies and confidential data from 300,000 Coin Cloud bitcoin ATM customers. This drew attention from the VX-underground community.
An unknown Threat Actor(s) claim to have compromised Coin Cloud.
They allege to have exfiltrated 70,000 customer selfies (via ATM cameras), and 300,000 customers PII which includes Social Security Number, Date of Birth, First Name, Last Name, e-mail address, Telephone Number,… pic.twitter.com/TJ7RUK18Yq
— vx-underground (@vxunderground) November 12, 2023
According to the cybercriminals, they also stole the source code of Coin Cloud’s internal system and plan to release the leak publicly soon.
The attackers’ messages contain edited images, presumably of customers’ selfies and their personal information, including first name, last name, date of birth, occupation, telephone number and Social Security number.
The operator did not comment on the incident.
In February 2023, Coin Cloud, which at the time operated more than 4,000 ATMs in the United States and Brazil, filed for bankruptcy due to “business difficulties and legal problems.” The company’s liabilities to around 10,000 counterparties are estimated at between $100 million and $500 million.