Type
Incident
Actors
Unknown
Pub. date
December 12, 2024
Initial access
1-day vulnerability
Impact
Data exfiltration
Observed techniques
Vulnerability exploitation
Targeted technologies
GitLab
References
https://www.bleepingcomputer.com/news/security/bitcoin-atm-firm-byte-federal-hacked-via-gitlab-flaw-58k-users-exposed/
Status
Finalized
Last edited
Dec 16, 2024 3:51 PM
Byte Federal, the largest US Bitcoin ATM operator, experienced a data breach in November 2024, exposing the sensitive data of 58,000 customers. Hackers exploited an unspecified GitLab vulnerability to gain unauthorized access to Byte Federal's servers. The compromised information includes full names, dates of birth, physical addresses, government-issued IDs, SSNs, and more, posing risks such as SIM swap attacks, account takeovers, and phishing attempts. While no digital assets or funds were affected, impacted users are advised to reset passwords, monitor their accounts, and remain vigilant. Forensic investigations and law enforcement involvement are ongoing, though no misuse of the data has been confirmed so far.