[BreachExchange] 266, 000 Passwords Stolen in Trident Crypto Fund Data Breach

Destry Winant destry at riskbasedsecurity.com
Mon Mar 9 10:22:15 EDT 2020 

https://www.infosecurity-magazine.com/news/trident-crypto-fund-data-breach/

A major data breach has occurred at Trident Crypto Fund, resulting in
the publication of over a quarter of a million customer usernames and
passwords online.

According to a report published on March 5, 2020, by Russian media
outlet Izvestia, the personal data of 266,000 registered Trident
Crypto Fund users was illegally accessed when a database was
compromised.

Data stolen in the attack against the fund is said to have included
email addresses, cell phone numbers, encrypted passwords, and IP
addresses.

Ashot Oganesyan, technical director of cybersecurity company
DeviceLock, told Izvestia that users' data was posted on a number of
file-sharing websites around February 20, 2020.

According to Oganesyan, the hackers responsible for the attack
decrypted and published a dataset of close to 120,000 passwords on
March 3. He emphasized that more than 90% of the login/password pairs
were unique and had never been found in leaks before.

With this information in hand, hackers could potentially get into
users' accounts and access their funds.

Trident Crypto Fund is a crypto-investment index fund that operates
out of Dragonara Business Centre in Malta, touting itself as "the
first coin-based index fund."

No mention of the data breach has been made on the fund's website or
announced via its Telegram group. However, Izvestia contacted an
individual whose data was breached in the incident, who confirmed the
connection between the leaked data and the Trident Crypto Fund.

"We work hard to help keep your account secure and protect your
personal information," it states on the fund's website.

"We work hard to ensure that the information you share is secure. We
investigate any suspected breach of security, including fraud
activity."

Oganesyan said that the data breach was notable as being the first
such incident to have a major impact on Russian citizens. According to
Oganesyan, 10,000 Russian users were affected by the attack on Trident
Crypto Fund.

"Apparently, Russian citizens might already have got their data leaked
before. However, no one has taken them into account before, and
personal data leakage of 10,000 Trident Crypto Fund users can be
considered the first major personal data leak of Russian crypto
investors,” said Oganesyan.

More information about the BreachExchange mailing list