Coinbase Denies Data Breach Claims Linked to Au10tix Security Incident
Summary:
Digital currency exchange, Coinbase, has refuted allegations of a data breach linked to identity verification platform, Au10tix. The claim followed a report suggesting the credentials of an Au10tix employee had been leaked on Telegram. Au10tix confirmed that the employee's login info was compromised, but assured no data had been exploited. The incident led Au10tix to enhance its security systems and assign a dedicated team to monitor future activities. Coinbase neither confirmed nor denied using Au10tix to store customers' data.
Digital currency exchange, Coinbase, has refuted claims of any breach linked to the customer data veracity platform, Au10tix. This comes off the back of a report issued on June 26, suggesting that the login details of an Au10tix employee had been compromised and shared via Telegram. Coinbase, whose logo appears on the Au10tix website, suggesting a client relationship, has quashed any notions of a data leak. An official from Coinbase informed Cointelegraph that, to their knowledge, no data exposure had taken place.
Au10tix serves as a validation platform for identification and is used by well-known services like Fiverr, TikTok, Uber, X, Coinbase and more. The platform stores users' identification photos and personal information on behalf of the companies it works with. Upon clarification, an Au10tix spokesperson confirmed the leak of an employee's login, which could potentially lead to access to Personal Identifiable Information (PII) data. However, according to their current findings, no data made its way into the wrong hands.
On June 26, 404 Media reported that Au10tix had inadvertently exposed a set of administrative credentials online for an extended period, raising concerns about potential hacker access to sensitive data. These login details were allegedly discovered by cybersecurity company, SpiderSilk, on Telegram. The suspicion is that these credentials may have fallen into the hands of someone who had infected an Au10tix employee’s computer with malware.
A security researcher from SpiderSilk was reportedly able to use the leaked login to access customer data, affirming that this personal information was available for those possessing the disclosed credentials. This data contained personal details such as names, birth dates, nationality, identification numbers, as well as the type of document, including driver's licenses.
In response to this, an Au10tix spokesperson assured Cointelegraph that these exposed credentials had been entirely erased and customer data was no longer accessible via these credentials. Reassuringly, they added that an extensive security review had confirmed no recognizable malicious activity or data leak from their system.
Taking proactive measures to avoid such occurrences, Au10tix has enhanced its security systems and assigned a specialized team to continuously monitor future activity. The company reassured all that it always adheres to the highest industry standards, market requirements, and recent best practices.
Coinbase neither confirmed nor denied using Au10tix to store customer data. However, it made it clear in a statement that it had no information regarding a customer data breach related to the reported incident. Centrally controlled cryptocurrency exchanges, in most jurisdictions, are required to execute KYC (Know Your Customer) verification, which calls for customers to provide copies of their driver’s licenses or passports. This strategy, albeit criticized for infringing on user privacy, is defended as a necessity to prevent money laundering through these exchanges.
Published At
6/27/2024 9:32:30 PM
Disclaimer: Algoine does not endorse any content or product on this page. Readers should conduct their own research before taking any actions related to the asset, company, or any information in this article and assume full responsibility for their decisions. This article should not be considered as investment advice. Our news is prepared with AI support.
Do you suspect this content may be misleading, incomplete, or inappropriate in any way, requiring modification or removal?
We appreciate your report.