Bitcoin ATM operator Byte Federal has suffered a data breach. The company said it was hacked through a vulnerability in GitLab, and as a result, the data of 58,000 customers fell into the hands of criminals.
Byte Federal is the largest operator of cryptocurrency ATMs in the United States. The company has more than 1,200 devices in 42 states, allowing people to exchange cash for crypto.
While it has not been disclosed which GitLab vulnerability was used in the attack, the developers have fixed a number of issues over the past year that could have been used in the attack.
Byte Federal says it has already performed a “hard reset” of all customer accounts, updated all internal passwords and account management systems, and revoked tokens and keys used to access the internal network.
While the company stresses that no user funds or digital assets were compromised as a result of the attack, the attackers successfully gained access to the following information:
It is not yet known who is behind the attack on Byte Federal. The company reports that third-party information security experts and law enforcement agencies have already been involved in the investigation of the incident.
Byte Federal is the largest operator of cryptocurrency ATMs in the United States. The company has more than 1,200 devices in 42 states, allowing people to exchange cash for crypto.
| “On November 18, 2024, Byte Federal learned of a security breach: an attacker gained unauthorized access to one of our servers by exploiting a vulnerability in GitLab, a third-party software platform widely used by developers around the world to manage projects and collaborate with comprehensive security tools,” Byte Federal said in a statement . “Upon discovering the incident, our team immediately took the platform offline, isolated the attacker, and secured the compromised server.” |
Byte Federal says it has already performed a “hard reset” of all customer accounts, updated all internal passwords and account management systems, and revoked tokens and keys used to access the internal network.
While the company stresses that no user funds or digital assets were compromised as a result of the attack, the attackers successfully gained access to the following information:
- full name;
- date of birth;
- physical address;
- phone number;
- email address;
- identity card;
- social Security number;
- transaction history;
- user photos.
It is not yet known who is behind the attack on Byte Federal. The company reports that third-party information security experts and law enforcement agencies have already been involved in the investigation of the incident.