4.8 Million User Records Allegedly Leaked From Paxful Trading Platform On Sale For One Bitcoin
Update: We have received an email from the company clarifying that the data was obtained illegally from a third party supplier Paxful previously used.
"We've completed the investigation. Our customers’ data has not been compromised in any way. There has been no data breach of the Paxful platform."
Peer-to-peer cryptocurrency trading platform Paxful has become the latest target of a massive data breach.
What Happened: According to a report from the Telegram channel ‘Information Leaks,’ a Paxful database containing 4.8 million users and employee information is now available for sale on a darknet forum.
The leak contained full names, email addresses, hashed passwords, IP addresses, and digital browser fingerprints belonging to users. In some cases, even phone numbers, addresses, and dates of birth of specific users were available.
An anonymous seller with the username “mafufi” shared a sample of the stolen data froma cloud-based pay management system for employees salarium.com. The entire database was offered for sale for 1 BTC (Bitcoin), which amounted to $58,708 at press time.
The seller reported the date of the breach as April 5, but so far, Paxful has not made any public statements confirming or denying that their database has been compromised. The company did not respond to Benzinga’s request for comment at the time of writing.
Why It Matters: Paxful’s data leak comes amidst a number of similar incidents that have taken place over the past week. Facebook, Inc’s (NASDAQ:FB) data leak on April 3 saw over 533 million users' data made publicly available for free. This was followed by Microsoft Corporation (NASDAQ:MSFT) owned LinkedIn’s leak where data scraped from 500 million users was put up for sale on a hacker forum.
LinkedIn claimed that the data was an aggregation “scraped” from a number of websites and companies and wasn’t a result of LinkedIn’s database security being compromised in any way.
“This was not a LinkedIn data breach, and no private member account data from LinkedIn was included in what we’ve been able to review,” said the company in a statement.
© 2021 Benzinga.com. Benzinga does not provide investment advice. All rights reserved.