Coinbase, a popular cryptocurrency exchange, has denied any knowledge of a data breach involving its customers’ information on the Au10tix compliance platform. This denial comes in response to a report that claimed employee credentials from Au10tix had been leaked on Telegram. The Au10tix website displayed the Coinbase logo, leading to speculation that Coinbase is a client of the platform.
A representative from Au10tix clarified that while an employee credential was leaked, there is currently no evidence to suggest that any data has been exploited. The leaked credentials were reportedly discovered by cybersecurity firm SpiderSilk on Telegram. It is believed that an attacker infected an Au10tix employee’s computer with malware to obtain these credentials.
SpiderSilk was able to access customer data from one of Au10tix’s clients using the leaked credentials, highlighting the vulnerability of the system. This data included personal information such as names, dates of birth, nationalities, identification numbers, and types of uploaded documents like driver’s licenses. The data even contained links to actual images of American driver’s licenses.
Au10tix has since removed the leaked credentials, ensuring that customer data can no longer be accessed through them. They also stated that a thorough security review revealed no malicious activity or data leakage from their system. The compliance platform has taken additional measures to prevent similar incidents in the future, emphasizing its commitment to industry standards and best practices.
Coinbase has neither confirmed nor denied its use of Au10tix for storing customer data. However, the exchange maintains that it has no knowledge of any data breach affecting its customers as reported in the incident. It is worth noting that most jurisdictions require crypto exchanges to perform Know Your Customer verification, which involves collecting identification documents from customers. While this practice aims to prevent money laundering, critics argue that it infringes on users’ privacy.
In conclusion, Coinbase denies any data exposure on its platform and will continue to monitor the situation closely. Au10tix has taken steps to address the incident and ensure the security of its system. The use of identity verification platforms like Au10tix is common in the cryptocurrency industry to comply with regulatory requirements.