The Cryptocurrency investment platform Atlas Quantum Sunday announced a data breach that exposed the personal details of roughly 261,000 customers.
The platform allows users to buy and sell Bitcoins on various other cryptocurrency trading platforms and allows users to make profits based on Bitcoin price fluctuations and exchange rates.
Customer names, phone numbers, email addresses and account balances were compromised in the incident, according to Have I Been Pwned. The firm’s entire user base may have been affected and users can check to see if their credentials were compromised on Have I Been Pwned.
“We would like to point out that this is not a steal of bitcoins in custody or violation of our accounts in the exchanges. However, our customer base was exposed,” the firm’s Chief Executive Officer Rodrigo Marques said in a translated Facebook post. “At the time of the incident, we took immediate steps to protect the database and passwords and private keys remain encrypted.”
The firm disabled some of its platform features while it is investigating the incident and said that it is monitoring the affected accounts to provide additional protection against fraud.
Kevin Stear, lead threat analyst at JASK said there is still room for malicious use by threat actors even though no funds were stolen in the breach.
“The rise of cryptocurrency marketplaces has significantly expanded the attack surface of conventional banking trojan campaigns, and these targets are typically entities without the robust security maturity, and anti-fraud capabilities, of traditional online banking providers,” Stear said, adding, “Even though no funds were stolen from Atlas Quantum users through this breach, it still should set off a serious alarm — for both users and the company — as the initial infiltration could be an early step in footprinting for a much larger campaign (e.g. spear-phishing) for consequential credential stealing and account take-over.”
Other researchers pointed out how the breach highlights how much cryptocurrency marketplaces are becoming high profile targets as well.
“Even those who do not actively use the platform to store or invest in crypto may have had their personal data exposed,” Bitglass Chief Technology Officer Anurag Kahol told SC Media.
“For companies like Atlas, that store mass amounts of user data, reputation and user data security are closely tied. Quickly identifying the cause of this breach and mitigating the threat of further data loss is a critical next step for Atlas and prevention should be top of mind for all companies that store high-value data.”