Cybersecurity company “Under The Breach” has revealed that customers who have bought products using Shopify and bought items from companies such as KeepKey, Trezor, Bnktothefuture, and Ledger may have had their data leaked.
The cybersecurity company tweeted screenshots from a hacker trying to sell stolen data from KeepKey, Ledger, Trezor, and Bnktothefuture users.
The ‘Rumored’ Hack
The cybersecurity company further mentioned that the data was stolen after the hacker exploited weaknesses in the e-commerce website Shopify. The cybersecurity company posted screenshots in which the hacker advertised huge databases with information associated with an alleged 80,000 customers. This includes the customer’s name, email address, residential address, phone number, and other pieces of data.
The hacker is claimed to be the same individual who hacked the forum Ethereum.org in 2016. The hacker is now claiming to have the databases for Ledger, Trezor, and KeepKey users, including other important information. The hacker also claims to have hacked the Bnktothefuture SQL database and stole identify information from the investment platform. The databases are up for sale, but it may turn out to be false and publicity stunt.
A communications manager at Shopify said: “We investigated these claims and found no evidence to substantiate them, and no evidence of any compromise of Shopify’s system.”
Two of the four firms have taken the allegations seriously.
Ledger made a follow-up on the matter, terming it as a rumor. The hard wallet provider claims that so far, the allegedly hacked database does not match its real database. Ledger said that it is likely that the hacker is totally lying. The company confirmed that it will be continuing its investigations on the issue.
Trezor tweeted its confirmation that there are rumors going around that its e-shop database has been attacked through a Shopify exploit. The company clarified that its e-shop doesn’t use Shopify, thus making a Shopify-related hack impossible. The firm said: “We are nonetheless investigating the situation. We’ve been also routinely purging old customer records from the database to minimize the possible impact.”
The hacker has several dubious claims and is reported to have databases for almost 20 crypto exchanges globally. Nobody can confirm whether or not the hacker truly does have these databases. So far it appears to be more hearsay.
US Law Firms Had Data Stolen and Encrypted by Hackers Demanding Crypto Ransoms
Various big companies seem to have been the victim of recent cyberattacks, which has led to the theft of a massive amount of private information from customers. Hackers have recently breached five US law firms and encrypted their data, thus forcing each firm to pay 100 Bitcoins (about $918,500 at the time of this report) to restore their access. The hacker group identified as “Maze” also has threatened to sell some stolen data in case the firms refused to pay a ransom. The hackers have developed the habit of publishing small parts of stolen data and release more and more sensitive aspects until victimized firms pay a ransom. Hackers demanding ransoms in Bitcoin have a negative impact on the public image of cryptos, making people believe that such coins are just meant for criminals. Last year was marked not only by multiple ransoms demanding cryptocurrencies but also by major cryptocurrency scams.
Image via ShutterstockImage source: Shutterstock