Kroll data breach exposes info of FTX, BlockFi, Genesis creditors

TryNinja

legendary

Activity: 2758

Merit: 6830

Quote from: mescalito on October 31, 2023, 03:50:50 AM

Currently messages from [email protected] linking cases-kroll.com are coming Wink

Just got another email (this is the second). Didn't get automatically marked as spam by Gmail, so straight to my email box. Tongue

Urgent Notice <[email protected]>

Quote

Dear Interest Account Clients,

We are excited to announce to our customers the ability to withdraw their assets from our platform has been re-opened for the next 24 hours.
Any assets not withdrawn before the deadline will be accessible in the upcoming months.

Initiate Withdrawal

If you have any questions, please contact Kroll through the following channels:
Email: [email protected]
Website: https://restructuring.ra.kroll.com/blockfi

Sent by BIA Alerts

Sent through https://flocknote.com

mescalito

full member

Activity: 351

Merit: 101

Currently messages from [email protected] linking cases-kroll.com are coming Wink

rdluffy

legendary

Activity: 2366

Merit: 1408

Quote from: TryNinja on October 21, 2023, 05:21:33 PM

I also got one from the same sender (mail@networkforgood), but pretending to be BlockFi instead of FTX.

...

My FTX account wasn't blocked, so I don't think it got leaked? Huh

I thought that only those whose accounts had been blocked by FTX had received this e-mail, because the data had been leaked. Now I have some doubts...

Quote from: Rikafip on October 22, 2023, 12:10:05 PM

Afaik, anyone who has FTX account and submitted claim via Kroll got his info leaked, therefore started getting these phishing emails few days ago (at least based on experience of couple of people I know) after the news that debtors could get part of their deposit back during Q2 2024.

They may all have their emails leaked after all Sad

Quote from: Z-tight on October 22, 2023, 01:25:00 PM

Yes, that is surely where they got the email addresses of customers', with every data breach or leak, there is always a wave of phishing attacks that follow. This data breach occurred sometime in August, and if it is true that customers only started receiving phishing attacks this month, could it be that the attackers were careful not to start the attack when the news of this breach was still fresh in people's minds?

People should be careful so they don't lose more money in addition to what they lost in these collapsed services.

It's probably what Rikafip already mentioned, after the news came out that FTX is submitting a document to pay users in 2024, they released these emails to try and fool someone

Z-tight

hero member

Activity: 994

Merit: 1089

Quote from: rdluffy on October 21, 2023, 09:59:54 AM

Be careful guys
They probably got the emails from this leak

Yes, that is surely where they got the email addresses of customers', with every data breach or leak, there is always a wave of phishing attacks that follow. This data breach occurred sometime in August, and if it is true that customers only started receiving phishing attacks this month, could it be that the attackers were careful not to start the attack when the news of this breach was still fresh in people's minds?

People should be careful so they don't lose more money in addition to what they lost in these collapsed services.

Rikafip

legendary

Activity: 1722

Merit: 5937

Quote from: TryNinja on October 21, 2023, 05:21:33 PM

My FTX account wasn't blocked, so I don't think it got leaked? Huh

Afaik, anyone who has FTX account and submitted claim via Kroll got his info leaked, therefore started getting these phishing emails few days ago (at least based on experience of couple of people I know) after the news that debtors could get part of their deposit back during Q2 2024.

TryNinja

legendary

Activity: 2758

Merit: 6830

Quote from: rdluffy on October 21, 2023, 09:59:54 AM

I was one of those whose FTX account was blocked because of this leak, yesterday and today I've already received 3 emails from [email protected]:

-img-

Be careful guys
They probably got the emails from this leak

I also got one from the same sender (mail@networkforgood), but pretending to be BlockFi instead of FTX.

My FTX account wasn't blocked, so I don't think it got leaked? Huh

rdluffy

legendary

Activity: 2366

Merit: 1408

I was one of those whose FTX account was blocked because of this leak, yesterday and today I've already received 3 emails from [email protected]:

Be careful guys
They probably got the emails from this leak

bbc.reporter

legendary

Activity: 3010

Merit: 1460

Quote from: o_e_l_e_o on August 30, 2023, 02:05:00 AM

I've said it before and I'll say it again - the only safe KYC is no KYC.

Quote from: Potato Chips on August 27, 2023, 06:58:01 PM

It's scary to think that companies out there are still relying on SMS/phone numbers for securing important employee accounts.

It's so incompetent it would be funny, if it wasn't so alarming. These are the entities you are entrusting your data to every time you complete KYC. Entities whose employees have so much information publicly available about them that they can be SIM swapped with ease, and who have access to your sensitive information via just their phone.

Quote from: Potato Chips on August 27, 2023, 06:58:01 PM

FTX claims no-sensitive data has been compromised but I'm not sure I trust it.

In what world is your full name, physical address, and how much money you were storing on these scam platforms not sensitive data? You've just made every single one of those users a target for physical attacks, especially any with a large number of coins.

Pretty laughable that they state "client funds" haven't been impacted. What funds? Everyone lost all their funds when these scam platforms collapsed, remember? Roll Eyes

What a complete shitshow. The number of reasons you should avoid centralized exchanges continues to grow exponentially.

Also, if anyone of you has shared your affiliate link and pnl card, you will be exposing your real identity because FTX links use your account ID. Hackers can link your social media and forum accounts to your FTX account and real identity.

o_e_l_e_o

legendary

Activity: 2268

Merit: 18711

Quote from: examplens on August 31, 2023, 04:10:22 AM

I'm pretty sure that the majority of cases with compromised user data do not happen due to hacks or similar unauthorized security breaches. It is much worse for the company's reputation and trust if it happened because they sold data, regardless of whether it was planned or just some disgruntled employee did it.

Does it matter, though? Many of the big exchanges sell data too. Coinbase for example admitted they were selling sensitive user information to third parties without the users' knowledge or consent. Did it affect them in the slightest? Binance were hacked for thousands of users' worth of KYC data. Did it affect them in the slightest? These exchanges can do anything they like with your data and people simply don't care.

Quote from: examplens on August 31, 2023, 04:10:22 AM

Why would any company keep online KYC data, despite all the security protocols?

Because it's cheap, and as above, they don't need to waste their money on proper security because they know their users will suck it up when their data is inevitably leaked.

Quote from: mk4 on September 02, 2023, 01:58:56 PM

I don't think it's necessarily because there's no protection — it's more of the fact that most employees are probably untrained for this type of social engineering attack.

Add in that 90% of the population voluntarily share enough information about their lives across multiple social media platforms to make social engineering now trivially easy.

mk4

legendary

Activity: 2870

Merit: 3873

Paldo.io 🤖

Quote from: joniboini on August 30, 2023, 01:31:10 AM

Btw, I heard that SIM swap attacks are popular in the US, so how come there is no protection against them from their side?

Yes — it seems to be happening at least mostly in the US(most of not all the news I've read has been in the US). I don't think it's necessarily because there's no protection — it's more of the fact that most employees are probably untrained for this type of social engineering attack. I know it's a hassle, but these telecom companies should probably require the user to show up in person to be able to do a sim swap.

Yamane_Keto

hero member

Activity: 406

Merit: 443

a simple SIM-swapping attack led to move sensitive data to a third party, and this data is full names, physical addresses, email addresses, which were not encrypted or there was a single point of failure. I don't believe that. This either indicates a lack of care, or that they wanted to leak that data (or lost it for some reason) and now they are blaming one of the employees.

In any case, a lawsuit can easily be filed against them accusing them of negligence in saving user data, but it is better to try to reduce the data you give to any third party, especially if the servers are outside your country.

I began to feel that hacking large institutions is becoming easier day after day, or that they do not care about that.

examplens

legendary

Activity: 3472

Merit: 3507

Crypto Swap Exchange

Quote from: o_e_l_e_o on August 31, 2023, 02:14:19 AM

People often equate companies being large, long running, or well known as meaning these companies know what they are doing. This is not the case. The biggest tech companies in the world - Microsoft, Apple, Google, Meta, and so on - have all experienced multiple data breaches. The same is true for all the biggest centralized exchanges in the crypto space have experience multiple data breaches, and yet people do not seem to care. Why would they spend their profits on advanced security systems when they know they can get away with spending the bare minimum? As soon as you've completed KYC anywhere, your data is at risk.

I'm pretty sure that the majority of cases with compromised user data do not happen due to hacks or similar unauthorized security breaches. It is much worse for the company's reputation and trust if it happened because they sold data, regardless of whether it was planned or just some disgruntled employee did it.
Why would any company keep online KYC data, despite all the security protocols?

I would draw a parallel with the popular excuse for exchanges, where they went bankrupt as a result of the hack, and the truth is that they just wanted to leave with the money and declare bankruptcy. A great way to accuse an unknown person-s of your "mistakes".

o_e_l_e_o

legendary

Activity: 2268

Merit: 18711

Quote from: Darker45 on August 30, 2023, 09:37:38 PM

I wonder how Kroll, a risk solution company that has been operating for many decades, is this lax and complacent in terms of data security.

People often equate companies being large, long running, or well known as meaning these companies know what they are doing. This is not the case. The biggest tech companies in the world - Microsoft, Apple, Google, Meta, and so on - have all experienced multiple data breaches. The same is true for all the biggest centralized exchanges in the crypto space have experience multiple data breaches, and yet people do not seem to care. Why would they spend their profits on advanced security systems when they know they can get away with spending the bare minimum? As soon as you've completed KYC anywhere, your data is at risk.

Quote from: Darker45 on August 30, 2023, 09:37:38 PM

The reports just mentioned in passing that the "attackers bypassed MFA." Don't they feel the extreme necessity to provide details how it all happened just like that?

If an attacker can "bypass MFA" using only a phone number, then it means their MFA was simply an SMS message, which is widely known to be the most insecure MFA method there is. They probably won't reveal any details because it will highlight just how amateurish their whole set up is.

Darker45

legendary

Activity: 2576

Merit: 1860

When I first read this news, I was surprised how seemingly easy it is for somebody to have unauthorized access to valuable data. I immediately thought something fishy must be going on. I suspected a planned sabotage on the claims of FTX and others is underway. Or they will use this self-inflicted breach in the future as an excuse over something they don't want to be held accountable.

I wonder how Kroll, a risk solution company that has been operating for many decades, is this lax and complacent in terms of data security. How could they even passed the standard or audit, if there is, of this kind of business with this level of security? And they're catering large financial institutions.

The reports just mentioned in passing that the "attackers bypassed MFA." Don't they feel the extreme necessity to provide details how it all happened just like that?

Synchronice

hero member

Activity: 882

Merit: 792

Watch Bitcoin Documentary - https://t.ly/v0Nim

Quote from: Potato Chips on August 27, 2023, 06:58:01 PM

Of course, the employee in question was a T-mobile user. If you're a T-mobile user, I suggest looking into all the sim swap accidents they've been in lol

Of course everything happens to T-mobile but you can't deny that their servers and arrays are the most protected ones out there.
Here is the proof:

Quote from: Potato Chips on August 27, 2023, 06:58:01 PM

Genesis affected users has had the following leaked: full names, physical addresses, email addresses, and debtor claim details. FTX claims no-sensitive data has been compromised but I'm not sure I trust it.

In any case, if you submitted a claim on kroll, be extra careful with phishing scams cause it's safe to assume perps are gonna attempt it a lot.

There is no company that will say that sensitive data has been leaked but the real problem is that people don't care about their privacy and the fact that their identity has been leaked. All I hear from people is that: Let them have images of my document, what can they do? And how are you gonna fight against KYC when majority of people don't really care about their privacy and are willing to send their documents to anyone without hesitation? There are even scam call centers that ask people for their debit card numbers and people tell it to them.

o_e_l_e_o

legendary

Activity: 2268

Merit: 18711

I've said it before and I'll say it again - the only safe KYC is no KYC.

Quote from: Potato Chips on August 27, 2023, 06:58:01 PM

It's scary to think that companies out there are still relying on SMS/phone numbers for securing important employee accounts.

It's so incompetent it would be funny, if it wasn't so alarming. These are the entities you are entrusting your data to every time you complete KYC. Entities whose employees have so much information publicly available about them that they can be SIM swapped with ease, and who have access to your sensitive information via just their phone.

Quote from: Potato Chips on August 27, 2023, 06:58:01 PM

FTX claims no-sensitive data has been compromised but I'm not sure I trust it.

In what world is your full name, physical address, and how much money you were storing on these scam platforms not sensitive data? You've just made every single one of those users a target for physical attacks, especially any with a large number of coins.

Pretty laughable that they state "client funds" haven't been impacted. What funds? Everyone lost all their funds when these scam platforms collapsed, remember? Roll Eyes

What a complete shitshow. The number of reasons you should avoid centralized exchanges continues to grow exponentially.

joniboini

legendary

Activity: 2170

Merit: 1789

This is why I don't believe projects that claim they use secure encryption or whatever to secure their customers' data. If they end using an insecure setup like this it doesn't even matter if they don't have their user's data in plain text.

Btw, I heard that SIM swap attacks are popular in the US, so how come there is no protection against them from their side?

noorman0

hero member

Activity: 1778

Merit: 709

[Nope]No hype delivers more than hope

Quote from: Potato Chips on August 27, 2023, 06:58:01 PM

It's scary to think that companies out there are still relying on SMS/phone numbers for securing important employee accounts. The article did mention MFA but why bother adding SMS/phone number? and who knows what is included in their MFA.

By the way, the official ftx claim page also relies on SMS verification. Don't know how often claim reminders are sent to former users, recently someone got a similar email back. Just hope it's not from the Kroll hacker this time.

The ftx claims portal on Kroll is still under maintenance.

Potato Chips

hero member

Activity: 2786

Merit: 902

yesssir! 🫡

It's scary to think that companies out there are still relying on SMS/phone numbers for securing important employee accounts. The article did mention MFA but why bother adding SMS/phone number? and who knows what is included in their MFA.

Quote from: https://www.bleepingcomputer.com/news/security/kroll-data-breach-exposes-info-of-ftx-blockfi-genesis-creditors/

Kroll, who is facilitating claims for insolvent companies FTX, BlockFi, and Genesis Global Holdco, has confirmed that one of its employees was the victim of a SIM-swapping attack.

Hackers stole the Kroll employee's phone number and used it to gain access to some files with personal data of bankruptcy claimants.

Of course, the employee in question was a T-mobile user. If you're a T-mobile user, I suggest looking into all the sim swap accidents they've been in lol

Quote from: https://www.bleepingcomputer.com/news/security/kroll-data-breach-exposes-info-of-ftx-blockfi-genesis-creditors/

In a statement today, Kroll says that a threat actor on August 19 targeted a T-Mobile account belonging to a Kroll employee and managed to steal the phone number of a Kroll employee.

Genesis affected users has had the following leaked: full names, physical addresses, email addresses, and debtor claim details. FTX claims no-sensitive data has been compromised but I'm not sure I trust it.

In any case, if you submitted a claim on kroll, be extra careful with phishing scams cause it's safe to assume perps are gonna attempt it a lot.

Topic: Kroll data breach exposes info of FTX, BlockFi, Genesis creditors (Read 281 times)