Bitcoin ATM company Coin Cloud suffers attack and user data is exposed

Bitcoin (BTC) automated teller machine (ATM) company Coin Cloud was reportedly the target of a hacker attack that resulted in the loss of sensitive user data. According to security experts, hackers stole more than 70,000 customer selfies and sensitive personal information from 300,000 people.

Coin Cloud operated more than 4,000 Bitcoin machines in the United States and Brazil. The company filed for bankruptcy protection in the US in February this year with liabilities of between $100 million and $500 million. This process, however, does not affect the company’s operations in Brazil.

According to the filing filed with the U.S. Bankruptcy Court for the District of Nevada on Feb. 7, the Las Vegas-based company had assets of between $50 million and $100 million and up to 10,000 creditors.

Attack steals sensitive data from Coin Cloud users

To CriptoFácil, the company informed that the theft of personal data only affected users in the USA and not in Brazil. Hackers said they stole the source code of Coin Cloud’s backend system, according to cybersecurity expert vx-underground.

“They [os hackers] claim to have exfiltrated 70,000 customer selfies (via ATM cameras) and 300,000 customer PII, which includes social security number, date of birth, first name, last name, email address, phone number, current occupation, physical address and much more. They claim to have data on individuals residing in the United States and also in Brazil”, wrote the expert on X.

Although vx-underground said that Brazilians’ data was exposed, Coin Cloud assured that Brazilians’ data is safe:

“The CC Br and USA systems are different, there was no Brazilian data exposed.”

The images shared by vx-underground show Coin Cloud customers’ selfies as well as personally identifiable information.

Vx-underground told The Block that the hacker was sharing the claims on private channels and that the leaked database could soon be published online. Coin Cloud has not yet officially commented on the situation, but CriptoFácil will update this article if there is a position.

*News updated (2:28 p.m. BRT) to include Coin Cloud’s position that ensured that Brazilians’ data was not exposed.