On the 27th of June, the cryptocurrency trading platform Coinbase refuted claims of a security lapse linked to the Au10tix verification system, following a report on the 26th of June alleging that an Au10tix staff member’s login details were compromised and shared on Telegram. The Au10tix website, which displays the Coinbase emblem, suggests a business relationship between the two entities.
A spokesperson for Coinbase communicated to Cointelegraph, “At present, we have no indication of any compromise of Coinbase data and are keeping a vigilant watch over the situation.”
Au10tix, an identity verification platform, counts Fiverr, TikTok, Uber, X and Coinbase among its clients, and is responsible for securely storing users’ photographic identification and other personal details.
Caption: Au10tix’s official website. Credit: Au10tix
An Au10tix official clarified that the leak of an employee’s credentials could have exposed sensitive personally identifiable information (PII). However, they added, “Our ongoing investigation has yet to find any misuse of the data.”
On the same day, 404 Media reported that the verification platform had inadvertently left administrative credentials publicly available for over a year, leaving an opening that attackers could have used to access confidential data.
These credentials were reportedly discovered by the cybersecurity firm SpiderSilk, which found them on Telegram. It is believed that the credentials were compromised through malware that targeted an Au10tix employee’s computer.
A security analyst from SpiderSilk managed to access client data from at least one user of the platform, demonstrating the accessibility of the data to anyone in possession of the leaked credentials. The exposed data encompassed names, birth dates, nationalities, identification numbers, and document types, such as driver’s licenses. Moreover, the data contained links to actual images of American driver’s licenses.
Following the incident, an Au10tix representative assured Cointelegraph that the compromised credentials have been entirely eradicated, ensuring that customer data is no longer vulnerable through those means. They also stated, “After an exhaustive security audit, we have determined there was no malevolent activity nor any data breach within our systems.”
To prevent future occurrences, Au10tix has implemented additional security measures. The representative declared, “Au10tix is committed to adhering to the highest industry standards, market requirements, and up-to-date best practices.”
Coinbase has neither confirmed nor denied its use of Au10tix for data storage purposes. Nonetheless, it has said it is unaware of any customer data breaches related to the reported incident.
Regulatory bodies in most regions mandate that centralized cryptocurrency exchanges conduct Know Your Customer (KYC) checks, which involve requesting customers’ driver’s license or passport images. Proponents of this practice argue it is essential to deter money laundering activities through exchanges, while opponents contend it infringes upon user privacy.