58,000 Bitcoin ATM Users at Risk as Operator Byte Federal Hacked

The operator of 1,200 bitcoin (BTC) ATMs, Byte Federal, suffered a data breach, putting 58,000 of its customers at risk, a filing revealed.

The breach occurred on September 30 this year, was discovered on November 18, but the scale of the breach was only reported in a filing with the Office of the Maine Attorney General this week.

In a notice to the Attorney General, Byte Federal said that "a bad actor" gained unauthorized access to one of their servers by exploiting a vulnerability in software provided by GitLab, a third party software platform. Per the company, following the discovery, the platform was shut down and the compromised server secured, while their security practices were enhanced and their users notified.

The attacker targeted personal information such as name, birthdate, address, phone number, email address, government-issued ID, social security number, transaction activity, and photographs of users. However, Byte Federal claims they have no evidence at this time that any of the accessed personal information was compromised or misused in any manner.

Additionally, they claim that no user funds or assets were compromised, while the investigation is still ongoing.

The company also urges its clients to reset their login credentials for accessing Byte Federal services.

"We strongly urge you to place a fraud alert or security freeze on your account with each of the major credit reporting agencies," they added.

It's not the first time BTC ATMs are being targeted by hackers. In March 2023, hackers exploited a vulnerability in General Bytes Bitcoin ATMs, stealing an estimated $1.6 million worth of cryptoassets.