
A major US Bitcoin ATM operator, Byte Federal, was hacked, compromising the sensitive personal information of thousands of customers.

The Byte Federal data breach exposed the personal information of 58k customers.

Owing to a GitLab vulnerability, hackers in November tapped into the Bitcoin giant’s systems and gained unauthorised access.

One of the largest Bitcoin operators in the US, Byte Federal has over 1,200 ATMs across 42 states, where it lets people exchange cash for cryptocurrency.

Despite the breach occurring in September, Byte Federal is now notifying its users of the potential data compromise.

Hackers Exploit GitLab Vulnerability

Hackers exploited a vulnerability in GitLab, a third-party software platform, to gain access to Byte Federal's network.

The Byte Federal data breach notification letter stated that on November 18, 2024, Byte Federal became aware of a security breach by a bad actor.

The malicious actor “gained unauthorised access to one of our servers by exploiting a vulnerability in GitLab, a third-party software platform commonly used by developers worldwide for project management and collaboration with comprehensive security features,” the letter continued.

“Upon discovery of the incident, our team immediately shut down our platform, isolated the bad actor, and secured the compromised server."

In a separate official data breach filing with the Maine attorney general, the American Bitcoin operator said that hackers tried to access the data of 58,000 customers.

The exposed sensitive information included customers' names, addresses, phone numbers, government-issued IDs, Social Security numbers, transaction history, and user photographs.

The specific GitLab vulnerability exploited remains unknown. However, Byte Federal has implemented additional security measures this year to address other potential vulnerabilities that could have led to similar breaches.

As of now, the hacker responsible for the Byte Federal data breach has not been publicly identified. The investigation is ongoing, and law enforcement agencies may be involved in tracking down the culprit.


Byte Federal Response to Breach

In response to the data breach, Byte Federal is carrying out “hard resetting” steps for all customer accounts. This is aimed at mitigating the potential risks linked with compromised credentials.

The US Bitcoin company is also updating internal passwords to strengthen internal security measures. 

It has already issued a notice to its customers, informing them of the hacking incident that occurred in November and how it may impact them. Those affected are advised to remain vigilant of any suspicious activity.

"If you have not reset your login credentials for access to Byte Federal services, please do so now," the data breach notice advised.

"It's important to remain vigilant for incidents of fraud and identity theft that may impact your financial security by regularly reviewing your account statements and by monitoring your credit reports."