A US-based crypto payments firm says tens of thousands of users are exposed after a hacker gained access to an employee’s laptop.
The fiat-to-crypto payment provider Transak says the security incident has affected 92,554 of its users.
According to Transak, the attacker obtained unauthorized access through a “sophisticated phishing attack.”
With the employee’s credentials, the attacker was able to log in to a third-party KYC (know your customer) vendor that Transak uses for customer document scanning and verification services.
Once compromised, the attacker was able to access the personal information of some users who had gone through the KYC process.
The hacker was ultimately able to access customers’ names, date of birth, ID documents like passports and driver’s licenses and selfie photos and videos.
Although sensitive identification documents were exposed, Transak says it does not believe private financial information has been accessed.
“After our thorough checks, we can confidently confirm that no financially sensitive information, including email addresses, phone numbers, passwords, credit card details, Social Security Numbers, or any other financial data, was compromised in any way. Our financial systems’ security measures remain robust, and we continue to protect all critical data, ensuring the highest level of privacy and security for our users.
Transak operates as a fully non-custodial platform, meaning that user funds—whether fiat or cryptocurrency—are never held by us and therefore remain completely secure and unaffected by any such attack. Users retain full control over their assets at all times, ensuring that no funds are ever at risk.”
Transak says the affected users amount to 1.14% of its customer base.
Generated Image: Midjourney
Read the full article here