banner
CryptoTrader.Tax hacked: user data was stolen
CryptoTrader.Tax hacked: user data was stolen
Security

CryptoTrader.Tax hacked: user data was stolen

By Marco Cavicchioli - 25 Aug 2020

Chevron down

CryptoTrader.Tax has been hacked, this is a website that allows calculating the taxes to be paid on cryptocurrency transactions in various countries around the world.

The website also allows downloading a tax report, which means that it requests and stores personal data. 

It seems that the hacker was looking precisely for that: the personal data of users registered on the website. In fact it seems that data of more than a thousand users has been stolen. 

The hacker was able to access the website’s support platform thanks to a marketing and customer service account. With this access, the hacker could see the names, e-mail addresses, payment processor profiles and messages of the users. 

After acquiring this information, he partially posted it on a dark web forum to attract potential buyers.

How did the CryptoTrader.Tax hack occur

The hack was confirmed by the co-founder and CEO of CryptoTrader.Tax, David Kemmerer, revealing that the unauthorized access occurred on April 7th with an account of a customer service employee. 

He also confirmed that the hacker downloaded a file containing 13,000 lines of information, including 1,082 email addresses, and had access to information such as user income from commissions and affiliate revenues. 

An internal investigation of the company revealed that the hacker didn’t gain access to users’ passwords, and no user accounts were compromised. 

The company claims to have taken new measures to improve the security of the website and the monitoring systems. 

This hack in some ways resembles the one that struck Twitter on July 15th, and at a time when many online platform operators are working in smart working, i.e. remotely, it should come as no surprise if attacks of this type were to increase. 

In fact, it may not be particularly difficult to circumvent the protections thanks to social engineering attacks aimed at employees with access credentials to platforms for support or management. 

In fact, it is very difficult for companies to control the actual operations of their employees when they are working in smart working, and in the case of employees who are not particularly careful, it may not be very difficult for experienced hackers to get hold of their access credentials, or even have them unwittingly handed over by the employees themselves. 

 

Marco Cavicchioli
Marco Cavicchioli

Class 1975, Marco teaches web-technologies and is an online writer specializing in cryptocurrencies. He founded ilBitcoin.news, and his YouTube channel has more than 25 thousand subscribers.

We use cookies to make sure you can have the best experience on our site. If you continue to use this site we will assume that you are happy with it.