PSA: Casa and Nunchuk were breached and their data is currently being sold
Discussion
Link?
No place is safe when you use a third party
Oh wow! Nunchuk
Third parties are security holes.
Every one of them.
What data exactly?
Pretty much everything https://darkwebinformer.com/alleged-data-breach-of-multiple-cryptocurrency-platforms/
Seems fake
Nunchuk doesnβt use phone numbers to create accounts or for 2FA
nostr:nprofile1qqs0w2xeumnsfq6cuuynpaw2vjcfwacdnzwvmp59flnp3mdfez3czpsprpmhxue69uhkummnw3ezumr0wpczuum0vd5kzmp0ksxxx2 ?
We've investigated and haven't found any reason to believe it's true. The data they claim to have doesn't make sense.
Ouch! Is this true?
Yeah, very likely, the actor had a history of successful breaches and data distribution. https://darkwebinformer.com/alleged-data-breach-of-multiple-cryptocurrency-platforms/
Seems fake, or he is BSing about having phone numbers for Nunchuk since they donβt use phone numbers. Email and password is all you need. They donβt log passwords, so mot sure how they allegedly got those too.
Looks fake. It's quite impressive that they managed to hack more users from us than even exist. π
So that actors had multiple real breeches and auctions but this one is fake because the reported accounts dont match?
The specific set of data doesn't make sense either. If they were able to retrieve password hashes then I'd expect they'd have all of the user fields, which they're not claiming to have.
If the threat actor wishes to prove the veracity of their claim, they should post a sample of the actual data.
Go request it looks like they do
I had to double check, lol its reporting lines of data not users so. Let's try again