Hacker Stole 1,000 Traders’ Personal Data From CryptoTrader.Tax - page 2.

taufik123

legendary

Activity: 2744

Merit: 1878

Rollbit.com | #1 Solana Casino

Quote from: Twentyonepaylots on August 26, 2020, 12:02:57 PM

-snip- I'm skeptical about the silly situation where an employee accidentally clicked a random link. bruh.

That possibility could be if the employee did something careless that got him into a trap.
Anyone who enters the world of the internet is at risk, even if he is an expert in the internet field.

Quote from: taufik123 on August 26, 2020, 10:32:43 AM

-snip-This is why I also doubt of crypto adoption as early as a year or two because of this stuff.

The current adoption of crypto is still the pros and cons, because of the security and risks behind cryptocurrency.
Crypto still needs development, maybe in the future crypto regulation and security will increase more than it is today.

peter0425

sr. member

Activity: 2618

Merit: 439

This is a threat to those Crypto users that has been exposed since their Data is now compromised from this hackers.
they might be a Victim of Force to take their crypto away from them,The CryptoTraders must have a insurance towards those who had been compromised that if there something happen to their crypto asset at least they will have assurance of claiming some lost.
this is not the Peoples mistake instead it is the company that is lazy to make high security in their platform.

Twentyonepaylots

sr. member

Activity: 1932

Merit: 370

Quote from: taufik123 on August 26, 2020, 10:32:43 AM

Quote from: sheenshane on August 25, 2020, 06:21:36 PM

This was my thought, probably the hacking incident was an inside job. How the hacker(s) know the credential info of that trading account website that easily get rid. I dont know whom or where to trust right now, it seems nowadays hackers and gettings smarter. They will do everything just to earn bucks or thousands of bucks in the evil idea.

Suspecting insider involvement in this hacking case may be an assumption that cannot be justified. There are many ways you can do to find out the credential info for a website. Maybe one of the employees was caught in a trap and then accused or clicked on the trap provided by the hacker to get important information about the CryptoTrader.Tax website. Many methods can be done.

Inside job won't be out for some of us to buy this assumption since the hole was found in that area. And for an employee of a crypto related company should be wary of the whole scheme of traps in the internet, I'm skeptical about the silly situation where an employee accidentally clicked a random link. bruh.

Quote from: taufik123 on August 26, 2020, 10:32:43 AM

currently there are many cases of hacks that are trending with a variety of new methods. hackers are growing, the level of security must also be developed to ward off and fight hackers.

I agree, along with the improvements of security systems the breaching methods are developing too. This is why I also doubt of crypto adoption as early as a year or two because of this stuff.

molsewid

hero member

Activity: 2170

Merit: 530

That's the reason why I am afraid of giving my identity or other contact details to exchange websites. Most of them required us to KYC, but their website is not yet fully secured. I feel sorry for the victim to their 13,000 rows of information. Hackers will probably sell that or use that in illegal ways.

tbterryboy

sr. member

Activity: 2030

Merit: 323

Lots of things are happening and these days people are not safe any longer. All these websites should always try to be very careful with their sites' security to protect their customers so that their information that they have given to the website will not fall into the wrong hands. It’s very bad that some of them are usually less concerned about issues like this until it happens to them and then they will start running up and down.

Sometimes you give your information to a website and the next thing their site gets scammed and you start getting some spam mails from those hackers to get access to your accounts. For example, I do get emails for confirming my details of my blockchain wallet but all of them from blockchain look like domains. If I do not check from where I do get mails then probably I might have lost my blockchain wallet by this time.

taufik123

legendary

Activity: 2744

Merit: 1878

Rollbit.com | #1 Solana Casino

Quote from: sheenshane on August 25, 2020, 06:21:36 PM

This was my thought, probably the hacking incident was an inside job. How the hacker(s) know the credential info of that trading account website that easily get rid. I dont know whom or where to trust right now, it seems nowadays hackers and gettings smarter. They will do everything just to earn bucks or thousands of bucks in the evil idea.

Suspecting insider involvement in this hacking case may be an assumption that cannot be justified. There are many ways you can do to find out the credential info for a website. Maybe one of the employees was caught in a trap and then accused or clicked on the trap provided by the hacker to get important information about the CryptoTrader.Tax website. Many methods can be done.

currently there are many cases of hacks that are trending with a variety of new methods. hackers are growing, the level of security must also be developed to ward off and fight hackers.

Bes19

full member

Activity: 1002

Merit: 112

This is scary coz they might sell these identities and can be use on frauds.
Though this is not the first that this thing has ever happen in other exchanger, but they should improve their security.
Sometimes this could be an inside job but who knows eeehh

emmaglory5

copper member

Activity: 134

Merit: 1

love to live honestly & try to be self-dependent

Quote from: ?? on ??

More people now will be exposed that they own cryptocurrency and might be personally targeted.

please share with us some security tips

Shasha80

sr. member

Activity: 1876

Merit: 318

More and more platforms related to cryptocurrency are targeted by hackers, perhaps because cryptocurrency is getting more popular.
But regarding the CryptoTrader.Tax case, if we reads the chronology of events, the first possibility is that it is a weak security system,
make it easy for hackers to steal consumer personal data. Then the second possibility is the possibility of inside jobs, because there
are several strange events related to this CryptoTrader.Tax case. Whichever is the correct possibility does not matter, the most important
is the CryptoTrader.Tax improves security systems, so that incidents like this do not happen again.

Leviathan.007

hero member

Activity: 1806

Merit: 722

Leading Crypto Sports Betting & Casino Platform

That's exactly the reason why I hate doing KYC on any exchange. A few years ago even on binance some personal information was leaked. Using these important information gathered from a thousand of user, anyone can abuse the information and take advantage over it or even make some trouble for people. While the hackers can sell these leaked information on environments like darkweb and deepweb for monero or bitcoin. That's why I always said asking for KYC in crypto exchanges shouldn't be happen and that's against the decentralizing.

dansus021

copper member

Activity: 2156

Merit: 983

Part of AOBT - English Translator to Indonesia

This was something im worry about. they took email address with and some portofolio about it. what happen if this site has completed KYC and the hacker sell info about it. Cry

and i'm just curious why hacker keep targeting cryptocurrency site? from the twitter big exchange and now this Cry

Sadlife

sr. member

Activity: 1400

Merit: 269

That's why it's not good idea to store private keys especially with a centralized authority holding the data. If they're using Cryptocurrency, why not use Blockchain instead? Rather than, a highly vulnerable database that someone could easily gain access to.
I believe the ETH blockchain enables you to develop smart contracts tailored for your business requirements.

sheenshane

legendary

Activity: 2534

Merit: 1233

Quote from: Kelvinid on August 25, 2020, 06:06:37 PM

The hackers never do the hard work and have those personal data easily because he knows it already as probably he is on the part of the company. A big question of why hackers know the password? it gives an idea that it was an inside job.

This was my thought, probably the hacking incident was an inside job. How the hacker(s) know the credential info of that trading account website that easily get rid. I dont know whom or where to trust right now, it seems nowadays hackers and gettings smarter. They will do everything just to earn bucks or thousands of bucks in the evil idea.

Good thing funds are safe but the personal info might be sold in the dark web and probably for the hacking purpose. The 1,082 unique email addresses that has been compromised will might in risk, it is probably good if their users will quickly change their addresses.

NotATether

legendary

Activity: 1568

Merit: 6660

bitcoincleanup.com / bitmixlist.org

Quote from: figmentofmyass on August 25, 2020, 02:00:05 PM

this is yet another reminder to use a different email address for every service though---if it gets leaked, no big deal.

And in fact this is possible, just create as many protonmail emails as you want. Though if they only stole email addresses and names then the worst they can do with it is get revenue by selling them to marketers that will send you spam offers. That would be pretty juvenile of them.

AmoreJaz

legendary

Activity: 3122

Merit: 1102

Leading Crypto Sports Betting & Casino Platform

Quote from: pakhitheboss on August 25, 2020, 09:49:01 AM

Quote

Tax marketing and customer service employee’s account on a support center platform

Sounds more like an inside job as without the proper authorization no one can access the account of an employee or the employee was a dumb.

Other reason can be that CryptoTrader do not have the highest level of security features or firewall activated in their system.

Anyways it is big dent to their reputation and trust.

very well it could be an inside job. remember the percentage of internal breaches is higher than other types like external, partners, multiple parties. so who knows that this security breach is because one of them decided to make his own decision? really is hard to trust your vital info these days. you'll never where it will end up to. so stay safe everybody!

Kelvinid

sr. member

Activity: 2828

Merit: 344

win lambo...

The hackers never do the hard work and have those personal data easily because he knows it already as probably he is on the part of the company. A big question of why hackers know the password? it gives an idea that it was an inside job.

Quote

CryptoTrader.Tax’s security team investigated the breach and found tax filing account passwords and CryptoTrader.Tax’s website were not compromised, Kemmerer said. The team then alerted parties affected by the breach and took steps to improve security measures and monitoring systems across internal and third-party applications, Kemmerer said.

That would something give an idea that hackers is also familiar with the company and might one of their person.

Anyway, we only have that presumption at his time, it might be wrong or right but that is also happening in some cases.
We have to wait for another update and to know more who are/is involved in this hacking incident.

rexxarofmoknathal

sr. member

Activity: 980

Merit: 260

Quote from: pakhitheboss on August 25, 2020, 09:49:01 AM

Quote

Tax marketing and customer service employee’s account on a support center platform

Sounds more like an inside job as without the proper authorization no one can access the account of an employee or the employee was a dumb.

I almost smell the same thing here, this might just be an non-authorization from the inside, as how else will the hacker get access to the passwords and stuff? I even fear to think that the CryptoTrader didn't consider online attacks and got little security in place like firewall etc. This is why this is likely an attack with inside help/insight. The obvious conclusion is clear: CryptoTrader has now got some recovery to do both on clients part as well as their own reputation

seoincorporation

legendary

Activity: 3346

Merit: 3130

Quote from: DdmrDdmr on August 25, 2020, 07:38:06 AM

Quote from: Sanitough on August 25, 2020, 06:02:36 AM

<…> How do they conclude that when the hacker successfully stole data from the website?

The article states it in the first few paragraphs:

Quote

<…> The hacker then screengrabbed samples of this sensitive information, posted them on the forum to entice potential buyers of the data trove and sent additional pictures to the source, who shared this evidence with CoinDesk. <…>

I figure that CryptoTrader.Tax had no hard time in verifying that the breach was real.

This case rings a bell (read notorious Twitter accounts used to scam recently), as the hack was allegedly performed by means of using a:

Quote

marketing and customer service employee’s account

That enabled the hacker to obtain inside information. Now how the company allowed for an external access to the system, even if the credentials were known, beats me. Nowadays, corporations can delimit external access through a range of mechanisms, which include verifying that the external device is authorised (i.e. account authorised vpn credentials + laptop authorization verification). Of course the hacker could have made the access through one of the employees devices, which would place a spotlight on who gave way for the breach to take place from his device.

First they see the hacker offering the information in the forum, after that i guess they review the security log in the server, and for sure there they see the DataBase dump... That's easy to do on linux, but the hard part of the problem is to identify the exploited vulnerability. The service can't come up again if they don't know how the attacker access...

btc_angela

hero member

Activity: 2660

Merit: 551

Quote from: snipie on August 25, 2020, 02:56:45 PM

Quote from: Twentyonepaylots on August 25, 2020, 02:35:09 PM

It makes sense for a company like cryptotrader to check their security after a massive data breaching in twitter had occur however as for what I understand through reading the article there were no trace or evidence that they are breached but someone just saw it on the dark web. Does this mean that the hacker went easily to pass their security level? perhaps an inside job?

If the hacker managed to have the credentials of an unaware employee then he can do whatever he wants without being detected likely. An inside job is possible too, although I don't tend to believe it, since I always ask what's the point of doing it and how much he will gain? Risk > benefits imo.

I also doubt that this is an inside job, usually hackers are targeting the weakest link in the chain, in this case, probably one employee who is very careless here and just clicking an external email and then boom, hackers have now access to their system using that employee's credential and then smooth sailing from then end. They could plant a backdoor as well and silently get all the necessary info and then sell it to the dark web.

snipie

legendary

Activity: 3178

Merit: 1140

#SWGT CERTIK Audited

Quote from: Twentyonepaylots on August 25, 2020, 02:35:09 PM

It makes sense for a company like cryptotrader to check their security after a massive data breaching in twitter had occur however as for what I understand through reading the article there were no trace or evidence that they are breached but someone just saw it on the dark web. Does this mean that the hacker went easily to pass their security level? perhaps an inside job?

If the hacker managed to have the credentials of an unaware employee then he can do whatever he wants without being detected likely. An inside job is possible too, although I don't tend to believe it, since I always ask what's the point of doing it and how much he will gain? Risk > benefits imo.

Topic: Hacker Stole 1,000 Traders’ Personal Data From CryptoTrader.Tax - page 2. (Read 637 times)