In a recent email, multi-signature wallet provider Casa mentioned that a segment of its customers was affected by a data breach related to e-commerce provider BigCommerce.
The email reads:
“Earlier today we sent a notification to some Casa Store customers to inform them of an incident in which an unauthorized actor obtained customer information from a third-party e-commerce vendor used by Casa Store”.
According to Casa, the incident only affects customers that purchased products from Casa’s e-commerce store. On this separate website, Casa used to sell its Node as well as other products.
This secondary website used BigCommerce as its e-commerce provider. Regular customers that use the Casa multi-signature wallet are not affected by the data breach, unlike the data breach that recently affected Swan Bitcoin’s customers.
The email further states:
“On July 24, BigCommerce experienced a data incident in which an unauthorized user gained access to the Casa Store and exported customer order information. The attacker also defaced the Casa Store and briefly posted a link to a scam offering; we do not believe that any customers participated in the scam offering.”
The leaked data includes names and certain order-related information, which could presumably include customers addresses, since e-commerce products have to be shipped physically.
Credit card information and passwords were not affected. Casa App logins, credentials and transactions are unaffected by the data breach as well, according to the email.
Just yesterday, Swan Bitcoin, one of the most trusted bitcoin savings apps among bitcoiners, was involved in a data breach. In the case of Swan, the incident happened when Klaviyo, Swan’s email marketing provider, fell victim to a phishing attack.
Many bitcoin and crypto related data breaches in the past involved third-party providers that likely have poor Opsec. BigCommerce and Klaviyo both mostly deal with non-bitcoin and crypto businesses, and aren’t necessarily prepared for the level of attack that a motivated actor is willing to carry out to acquire bitcoin-related data.
Centralized databases that contain bitcoin-related customer information are “honeypots” for hackers, because they consists of highly-valuable datasets that can be used for phishing attacks and other forms of theft.