August 25, 2020
Data of more than 1,000 users from CryptoTrade.Tax, an online service used to calculate and file taxes on cryptocurrency trades, was stolen by a hacker.
The hacker broke into a CryptoTrader.Tax marketing and customer service employees account on a support center platform; this is according to a source that came across the hacker on a dark web forum. Using this access, hackers can see customers’ names, email addresses, payment processor profiles, and messages mostly containing cryptocurrency incomes.
The screengrabber hacker got samples of this confidential information, posted them on the forum so that potential buyers of the data trove, and sent additional pictures to the source, who shared this evidence.
David Kemmerer, a co-founder, and the chief executive of CryptoTrader.Tax confirmed to CoinDesk that a hacker gained unauthorized access on April 7 to the marketing and customer service employee’s account. The hacker was able to see support center details in the materials and downloaded a file containing 13,000 rows of information, including 1,082 unique email addresses, Kemmerer said.
A co-founder and the chief executive of CryptoTrader.Tax, David Kemmerer, confirmed that a hacker gained unauthorized access on April 7 to the marketing and customer service employee’s accounts. The hacker was able to see support center details in the materials and downloaded a file containing 13,000 rows of information, including 1,082 unique email addresses.
The company’s website security team investigated the breach and found tax filing account passwords and CryptoTrader.Tax’s website was not compromised, Kemmerer said. The team then alerted parties affected by the breach and improved security methods and monitoring systems across internal and third-party applications, Kemmerer said.
CryptoTrader.Tax, operated by Kansas City-based coin Ledger Inc., allows the users to import trades from 36 cryptocurrency exchanges and auto-generate cryptocurrency income gains and losses in tax reports exportable to TurboTax, the popular tax preparation software.
Premium users also enter billing information into Stripe, a payment processor, to pay for their subscriptions. The payment processor (Stripe) is connected to the support center platform of the CryptoTrader.Tax and shows customers’ email addresses and general locations, however, it does not expose physical addresses or credit, debit, and other banking information, the Stripe website stated.
The hacker also accessed marketing communications, referral numbers, commission earnings, and revenues from affiliates who promote the CryptoTrader.Tax service on websites and social media, according to the materials reviewed by CoinDesk and Kemmerer.
The marketing communications, referral numbers, commission earnings, and revenues from affiliates who promote the CryptoTrader.The hacker has also accessed tax service on websites and social media, according to the materials reviewed and stated by Kemmerer.