TL;DR
- Users affected by the data breach. A crypto betting platform, Shufflecom, confirmed a serious data breach.
- The leaked data includes names, email addresses, and KYC documents (driver’s licenses/passports) uploaded for age verification.
- The platform assures that user funds and passwords were not compromised, but urges users to enable 2FA and remain vigilant.
Shuffle.com, a digital asset betting platform, confirmed a security incident involving a data breach affecting a significant number of its users. This type of breach underscores, once again, the inherent vulnerability of centralized platforms, even in the crypto sector.
The company issued a statement indicating that an unauthorized third party managed to access the user database. Although the platform asserts that customer funds and passwords are secure and were not compromised, the exposed information is of a sensitive nature.
Ā
Sensitive Data Compromised
The data breach at the Shuffle.com betting platform includes various types of personal information that an attacker could use for phishing or social engineering attempts:
- Full names.
- Email addresses.
- Phone numbers.
- Customer support message logs.
- Limited payment information (such as payment type and the last four digits of cards).
Of particular concern among those affected is that the perpetrator was also able to gain access to Know Your Customer (KYC) identity verification images, such as driver’s licenses and passports that users uploaded to confirm their age.
Shuffle.com acted immediately after detecting the incident. Their team moved to revoke the access of the compromised external support provider, launched an internal forensic investigation in collaboration with cybersecurity firms, and notified the competent authorities.
The platform urged its users to exercise extreme security precautions. In particular, it recommended enabling two-factor authentication (2FA) on all accounts and being alert to suspicious emails or communications that may attempt to exploit the leaked data to obtain passwords or private keys.
It is necessary to reiterate the critical need for crypto platforms to strengthen their security protocols, especially those related to external service providers and the handling of sensitive identification data.
For affected users, this platform’s data breach is a severe reminder of the importance of protecting digital identity in the volatile cryptocurrency environment.
