
US Bitcoin ATM operator Byte Federal suffered a data breach


US Bitcoin ATM operator Byte Federal suffered a data breach impacting 58,000 customers; attackers gained unauthorized access to a server via a GitLab flaw.

US Bitcoin ATM operator Byte Federal disclosed a data breach after threat actors gained unauthorized access to a company server by exploiting a GitLab vulnerability.

Byte Federal is a company specializing in cryptocurrency services through its network of over 1,200 Bitcoin ATMs across the United States. These ATMs allow users to buy and sell Bitcoin and other cryptocurrencies, including Ethereum, Dogecoin, and stablecoins like USDC and DAI.

The incident affected 58,000 customers, and the company is notifying them about the data breach.

The company responded to the incident by shutting down its platform, locking out the attacker, and securing the compromised server. The incident response included enhanced security, a hard reset on customer accounts, and the update of internal passwords and network keys. The company is investigating the incident with the help of an external cybersecurity team.

“On November 18, 2024, Byte Federal became aware of a security breach by a bad actor who gained unauthorized access to one of our servers by exploiting a vulnerability in GitLab, a third party software platform commonly used by developers worldwide for project management and collaboration with comprehensive security features,” reads the data breach notification letter sent to the impacted customers. “Upon discovery of the incident, our team immediately shut down our platform, isolated the bad actor, and secured the compromised server.”

Potentially compromised customer personal information includes name, birthdate, address, phone number, email address, government-issued ID, social security number, transaction activity, and photographs of users.

However, the company has no evidence at this time that any of the customer information was actually compromised or misused in any manner. Nonetheless, Byte Federal is taking precautionary measures to ensure the security of its data.

Byte Federal did not reveal the GitLab vulnerability exploited by the attackers.

The US Bitcoin ATM operator recommends that users reset their login credentials and monitor their accounts for fraud or identity theft. Users are encouraged to review statements, monitor credit reports, and place fraud alerts or security freezes with credit reporting agencies to prevent unauthorized activity. Victims of identity theft can file reports with local law enforcement or the FTC for assistance in securing their accounts.

Unlike other companies that suffered a data breach, Byte Federal has not offered any identity theft protection or credit monitoring services.


Pierluigi Paganini

(SecurityAffairs – hacking, Bitcoin)