on the crypto
BlockFi claimed that a hacker stole user data after violating an employee's smartphone and taking control of their phone number via a SIM exchange.
The attack on May 19
On May 19, the New York-based cryptocurrency lending platform announced to users that a hacker - whose identity remains unknown - gained access to some of its retail systems on May 14 with an hour in advance.
“On May 14, there was a problem with the data at BlockFi which revealed some information on customer accounts for a short period of time. Although no information has been violated that would allow the intruder to access your account or funds, we believe it is in the principle of transparency to share the following details with you and all our other potentially interested customers, "it is written in the note.
BlockFi said the hacker had access to confidential data, such as names, dates of birth, postal addresses and business histories. Other sensitive account information, including bank account details, social security and tax identification numbers, passport and driving license numbers and photo scans, were not affected by the data breach, the company said .
Here's what BlockFi said
Even the funds of the Investors they have not been compromised in any way. In an incident report published on the same day, BlockFi explained that the hacker had accessed via an employee's smartphone.
By causing the mobile operator to activate the employee's phone number on another device, the hacker was able to access parts of the company's internal systems.
"A BlockFi employee's phone number was hacked and used by an unauthorized third party to access BlockFi's encrypted back-office system," reads the incident report.
"The unauthorized third party was able to access BlockFi customer information, generally used by BlockFi itself for retail marketing purposes, for the duration of this incident."
Client funds are out of danger thanks to BlockFi's safeguard measures
The report adds that the hacker unsuccessfully attempted to withdraw funds from users before BlockFi was finally able to remove them from the internal system. In a statement, a BlockFi spokesperson said:
“A single intruder gained limited access for a short period of time to select internal marketing systems. The BlockFi team immediately cushioned the impact of the breach through a series of permanent policies and safeguards in place to protect the client's resources and data. "
"The problem has since been resolved and the BlockFi products and services are fully operational and secure," added the spokesman. It was not specified which mobile network was used by the employee.