Update: Coin Cloud Data Breach Exposes 300k Users: Stolen Selfies and Source Code Reportedly Compromised

The defunct Bitcoin ATM provider, Coin Cloud, has reportedly fallen victim to a massive data breach. Unidentified hackers have allegedly infiltrated the company's security infrastructure, compromising the personal information of over 300,000 users and pilfering the entire source code that powers Coin Cloud's operations.

The attackers boast unauthorized access to a treasure trove of sensitive customer data, including 70,000 customer selfies captured by the ATMs' integrated cameras. Aside from invading privacy, these images exposed personally identifiable information (PII) for the affected users. 

The stolen data encompasses social security numbers, dates of birth, names, email addresses, telephone numbers, occupations, physical addresses, and more. This extensive breach has severe implications for users in both the United States and Brazil, exposing them to potential identity theft and various cybercrimes.

‍

The Stolen Intellectual Property (IP): A Double Blow

Compounding the severity of the breach, the threat actors claim to have absconded with the entire source code of Coin Cloud's backend. This includes proprietary technology crucial for the functioning of cryptocurrency ATMs and the overall operations of the company. 

As a result of the theft, Coin Cloud's users are at risk of potential misuse and exploitation since the hackers have a deep understanding of its systems. 

Worth noting, that last February, Coin Cloud filed for bankruptcy to reorganize debts and protect creditors, resulting in the incident. The company's financial woes, with liabilities ranging from $100 million to $500 million and assets between $50 million and $100 million, hint at a troubled history that may have contributed to the vulnerability exploited by the hackers.