Byte Federal Bitcoin ATM Operator Reports Data Breach Impacting 58,000 Customers
Byte Federal, the largest operator of cryptocurrency ATMs in the United States, has suffered a data breach affecting 58,000 customers. The company revealed that hackers exploited a vulnerability in GitLab, a third-party software platform widely used by developers for project management and collaboration, to gain unauthorized access to one of its servers.
Byte Federal operates over 1,200 ATMs across 42 states, allowing users to exchange cash for cryptocurrency. According to the company’s official statement, “On November 18, 2024, Byte Federal became aware of a security incident: an unauthorized party gained access to one of our servers by exploiting a vulnerability in GitLab. Upon discovering the incident, our team immediately disabled the platform, isolated the attacker, and secured the compromised server.”
While the specific GitLab vulnerability used in the attack was not disclosed, GitLab's developers have addressed several issues in the past year that could have been exploited. Byte Federal stated that it has already performed a “hard reset” for all customer accounts, updated all internal passwords and account management systems, and revoked tokens and keys used for internal network access.
The company emphasized that user funds and digital assets were not compromised in the attack. However, the attackers did gain access to the following customer information:
- Full name
- Date of birth
- Physical address
- Phone number
- Email address
- Identification document
- Social Security number
- Transaction history
- User photographs
Unfortunately, this information could be used by criminals for SIM swap attacks, account takeovers, and targeted phishing. Affected customers are advised to remain vigilant, avoid responding to suspicious messages that may be phishing attempts, and report any incidents to the appropriate authorities.
The identity of the attackers remains unknown. Byte Federal has engaged external cybersecurity experts and law enforcement agencies to investigate the incident.