Posted on May 25, 2020 at 2:58 PM
Under the Breach, an online monitoring platform reported that a hacker is seriously trying to sell customer details from companies like investment platform Bnktothefuture, and other crypto wallets like Ledger, Trezor, as well as Keepkey.
However, it seems the hacker does not have passwords for the accounts but is selling detailed information about the users’ accounts, including phone numbers, residential addresses, and email addresses.
Under the Breach stated that customers who buy products from firms like Keeper, Trezor, and Ledger using Shopify could be victims of this latest hack.
The hacker claiming responsibility for this breach is the same hacker that compromised the forum Ethereum.org. The hacker also claims he has a massive database of customers in his possession.
From the research conducted by Under the Breach, the hacker has three large databases of leaked customer details, with about 80,000 customers containing the database. The details include the residential address of the customer, phone number, name, email addresses, and other details. Under the Breach also confirmed that there were no passwords included in the details.
Ledger says the report is a rumor
The database from Shopify was purportedly from Keepkey, Trezor, and Ledger. But yesterday, Ledger addressed the situation and said the information about some of the breaches coming from its firm is just a “rumor”.
According to Ledger, “Rumors pretend our Shopify database has been hacked through a Shopify exploit,” The Company further stated its eCommerce team is presently looking into the allegations.
The team said they have analyzed the so-called hacked database and so far it does not match the company’s real database. Ledger also said it is taking the matter very seriously and it will continue investigating the allegation.
Trezor hardware has also refuted claims the hacking incident included details from its customers. From Trevor’s official Twitter account, the company said it is aware of some rumors going on about its eshop database being hacked via a Shopify exploit. The company said the claims are false because its eshop doesn’t utilize Shopify.
However, it has started investigating the claims. And as a measure to enforce more stringent security, the company says it’s taking down old customer records from its database. This is necessary, according to the firm, to prevent or reduce any imminent attack.
However, Keepkey, who was also mentioned in the breach, has not responded to the claims made by the hacker, although details may be available on its website or Twitter page very soon.
Shopify refutes claims of a data breach
The information available to Under the Breach indicates that no passwords were involved in the breach. It was also reported that the hacker also compromised the SQL database of Bnktothefuture and stole identity details from the investment platform too.
When a Shopify representative was contacted about the hacking incident, he vehemently rejected the claim and said there was no breach on Shopify’s system. The representative said Shopify has rigorously investigated the claims and there was no evidence to show the company was compromised. Shopify said its systems and servers are intact and there has been no breach as claimed by the hacker.
Hacker claims to have a database of more than 20 crypto exchanges
The hacker has several dubious claims with databases from more than 20 cryptocurrency exchanges in the world. These are claims made by the hacker, but no one has been able to confirm whether these claims are genuine. As a result, it seems to be just hearsay as no one can verify whether the hacker has the databases.
The hacker also announced that he compromised and stole details from two digital currency tax firms and plans to sell the data on the darknet.
Apart from the email lists of two cryptocurrency tax platforms advertised, the hacker is also advertising the databases of 18 virtual currency exchanges and forums. Since the alleged stolen details don’t contain passwords, it may be difficult to prove whether the hacker’s claims are genuine.