Author

Topic: 4500 personal data leaked by TokenSoft (Read 223 times)

legendary
Activity: 2702
Merit: 4002
November 23, 2022, 08:32:55 AM
#13
Does anyone know the number of users (active users,) and is this 4,500 the real percentage, or is it an estimate, and what permissions does that member seek to access compared to the total number of users?

In general, the number is not large, so the motive is likely to be financial, and we may hear new leaks if those were a VIP people.
legendary
Activity: 2730
Merit: 7065
November 23, 2022, 04:24:24 AM
#12
But one of the reply imply it's not mistake, but was intentionally leaked by one of their staff[2]. IF it's true, i would question how the company managed to recruit that staff with such horrible personality.
And again we get to see how one bad individual or a group of such destroys the reputation of a company and leaks customer data because of their stupidity, misuse, or lack of intelligence. I guess that's what you get when your business model is employing the cheapest possible workforce instead of those best suited to work on any open position. You surround yourself with people without morals and ulterior motives, incapable from seeing right from wrong.
legendary
Activity: 3052
Merit: 1168
Leading Crypto Sports Betting & Casino Platform
November 22, 2022, 06:50:24 PM
#11
-cut-
It's just ironic that a supposedly tech leading company preaching security has it's on slip on this industry and this is why personal and sensitive data should be protected by this companies.
Well to be fair to that topic, that project wasn't about security as in net security, but securities as a financial asset (most likely either synthetic stocks or derivatives). So they are very different things.
But obviously failing on this level doesn't really promise brigt future for them. Not that they would have it without messing this up. I wouldn't touch on that launchpad with a ten foot stick, who know if the same person coded their smart contracts.
legendary
Activity: 2170
Merit: 1789
November 21, 2022, 12:24:56 PM
#10
i would question how the company managed to recruit that staff with such horrible personality.
I've seen at least two community managers who have terrible personalities when dealing with complaints from the community. It might be because the hiring itself doesn't have a high requirement since they can hire remote workers to do the job with little to no supervision and cause disaster to both the companies and the community. This is the third time. Even if those people do cheat, doing their phone numbers are definitely too much. Hopefully, he stop his power trip soon or he needs to look for jobs in a different field.
hero member
Activity: 1554
Merit: 880
pxzone.online
November 21, 2022, 11:43:01 AM
#9
...
In the future you can also consider using a burner phone number which you throw away and replace every 3/6/12 months or whatever. If you need a phone number to sign up to something, but don't want to hand out your real one, use this one instead.
If this is such a problem for you, listen to the advice and change the number, just be sure that the new number is not listed in the public telephone directory, because as far as I understand, those databases are widely used for this type of sales.
I'll consider those ideas and suggestions. Thanks.
For the meantime, I'm using a different phone number but still using the old one (dual-sim smartphones) just being cautious of answering phone calls or wont answering at all, unless it made an sms to confirm their needs/wants.
legendary
Activity: 3234
Merit: 5637
Blackjack.fun-Free Raffle-Join&Win $50🎲
November 21, 2022, 05:33:04 AM
#8
But for calls, i need to answer them first before i can tell if its a legit call or not. Since my fist language is not english, talking to an english person in phone calls with crypto related talks gives me creepy vibes.

I wrote to you how I solved it, and when you answer an unknown number, you don't have to talk to the person on the other end because that person should introduce himself to you and say what he wants, and then you simply end the call and add the number to the black list. It is true that they have many different numbers from which they call, but it is also true that they do not have so many numbers that they can call you from a different number every day.

If this is such a problem for you, listen to the advice and change the number, just be sure that the new number is not listed in the public telephone directory, because as far as I understand, those databases are widely used for this type of sales.
legendary
Activity: 2268
Merit: 18711
November 20, 2022, 11:34:54 AM
#7
But for now, i can't because it will take time to let those businesses, acquaintances of mine to know my new number and i hate messaging them just to let them know, and i really hate that part
I think that's a small inconvenience for the benefit of not having scammers knowing your full name, address, and phone number. It isn't just spam calls and the like, but also things like a SIM swap attack. It takes 2 minutes to send a mass SMS to all your contacts with your new number, and you can update your number on websites and businesses the next time you use them. Keep your old number active for 6 months and redirect any legitimate contact to your new number.

In the future you can also consider using a burner phone number which you throw away and replace every 3/6/12 months or whatever. If you need a phone number to sign up to something, but don't want to hand out your real one, use this one instead.
hero member
Activity: 1554
Merit: 880
pxzone.online
November 20, 2022, 10:52:16 AM
#6
At least it's easy to block calls from a certain number, I simply add such numbers to the blacklist and they can no longer call or send me messages, and if someone calls me from countries where I have no relatives or friends, I simply block the entire country by area code. With this blocking method, I reduced unwanted calls and messages by 99%.
With the help of google messages app, yes. Sms with the same pattern like related to crypto, giveaways, gambling, inviting jobs eventually marked as a spam.

But for calls, i need to answer them first before i can tell if its a legit call or not. Since my fist language is not english, talking to an english person in phone calls with crypto related talks gives me creepy vibes. Coz i never shared crypto related topics in any phone calls even to my friends worst to a foreign guy. I once answered an english with something chinese accent and sometimes british.
One of the problems is some of the business/finance related companies i applied for like credit cards doesn't have particular number like they have multiple numbers used when calling their clients and because of these creepy feeling i experienced, calls from unsaved numbers brings back those memories, so i missed lots of calls even the legit ones.

Why not change your phone number?
That's my last option though, maybe when sim registration law takes place in my area (in 3-6 months i guess). But for now, i can't because it will take time to let those businesses, acquaintances of mine to know my new number and i hate messaging them just to let them know, and i really hate that part. That's why this mobile number of mine is like more or less 10 years already to me. Lol.
legendary
Activity: 2268
Merit: 18711
November 20, 2022, 07:41:20 AM
#5
IF it's true, i would question how the company managed to recruit that staff with such horrible personality.
More to the point, where are the security checks and controls? Why can one staff member simply access, download, and share a database of KYC information without requiring additional permissions from anyone else? Pretty basic stuff, especially for a supposedly security focused company. Just another great example of how pretty much every centralized company in this sector is amateurish, at best.

Airdrops, tokens and similar things and their users are certainly not valuable targets (with rare exceptions), so I don't see this leak as a big danger for anyone, except maybe in the short term for the reputation of the company, which obviously has problems choosing the right people for the job.
I don't have any hard data on this, but my feeling is that people who chase worthless tokes and airdrops have far less solid security practices when compared to the average bitcoin user. It's probably quite easy to trick these people in to entering the seed phrase on a website as part of some scam airdrop or similar.

Day by day spam emails, spam sms, worst are calls from random foreign guy in a company asking my opinion regarding crypto like shit here we go again.
Why not change your phone number?
legendary
Activity: 3234
Merit: 5637
Blackjack.fun-Free Raffle-Join&Win $50🎲
November 20, 2022, 06:28:08 AM
#4
Ugh, i still experience the aftermath of this. Day by day spam emails, spam sms, worst are calls from random foreign guy in a company asking my opinion regarding crypto like shit here we go again. That's why i become paranoid of phone calls from a unknown numbers, affecting those legit calls.

At least it's easy to block calls from a certain number, I simply add such numbers to the blacklist and they can no longer call or send me messages, and if someone calls me from countries where I have no relatives or friends, I simply block the entire country by area code. With this blocking method, I reduced unwanted calls and messages by 99%.



~snip~

What I wanted to say is that those who deal with airdrops of various tokens are mostly not those who could have valuable crypto assets, although there are always exceptions. In any case, it is never good when such data is made public, and as @PX-Z already wrote, for some, this biggest data leak turned into a nightmare, which unfortunately still continues.
hero member
Activity: 1554
Merit: 880
pxzone.online
November 19, 2022, 05:47:47 PM
#3
A well-known company that produces hardware wallets was hacked at one time and hundreds of thousands of their users' data was leaked, and who still mentions that today?
Ugh, i still experience the aftermath of this. Day by day spam emails, spam sms, worst are calls from random foreign guy in a company asking my opinion regarding crypto like shit here we go again. That's why i become paranoid of phone calls from a unknown numbers, affecting those legit calls.
legendary
Activity: 3234
Merit: 5637
Blackjack.fun-Free Raffle-Join&Win $50🎲
November 19, 2022, 10:17:03 AM
#2
Quote
To be more specific, the manager posted the list of users claiming that they were gaming the Tokensoft DAO’s airdrop.

Airdrops, tokens and similar things and their users are certainly not valuable targets (with rare exceptions), so I don't see this leak as a big danger for anyone, except maybe in the short term for the reputation of the company, which obviously has problems choosing the right people for the job.

A well-known company that produces hardware wallets was hacked at one time and hundreds of thousands of their users' data was leaked, and who still mentions that today?
hero member
Activity: 1414
Merit: 542
November 19, 2022, 03:30:46 AM
#1
TokenSoft, a leading technology and security platform for companies seeking to issue assets on the blockchain, at scale, and within compliance, unfortunately, leaked or doxxed 4500 users.

Quote
Further probes into the mishap led to some rather startling findings. It was found that the company had doxxed more than 4,000 users. 

In general parlance, Doxxing, also spelled as Doxing, refers to revealing information online that could lead to identifying someone. Such information may include a person’s real name, address, contact number, workplace details, financial information, etc.  

The information came on the company’s Discord channel from a community manager with the handle “Nick G.” 

To be more specific, the manager posted the list of users claiming that they were gaming the Tokensoft DAO’s airdrop. 

https://www.securities.io/digital-securities-launchpad-tokensoft-doxxes-4500-users/

It's just ironic that a supposedly tech leading company preaching security has it's on slip on this industry and this is why personal and sensitive data should be protected by this companies. Not the first though, but for sure, if someone gets a copy of this information, it could be used as fraud, or spam our emails again with offers that can be a trap for scammers. So watch out, many in the next couple of months we will hear attempts to used this data by cyber criminals.
Jump to: