Update: November 17, 2023. Update written by Shiela Bertillo:
In response to the recent data breach on Coins.ph, a locally licensed cryptocurrency exchange, Global Marketing Director Kat Gonzalez clarified that only a small fraction of users was affected by the issue.
As highlighted by BitPinas in a previous report, not every user has received an email notification regarding the breach; one of the plausible explanations is that the breach might have been confined to a specific subset of users. In response to this, Gonzalez confirmed that the security compromise was indeed limited to a small subset of Coins.ph users.
She also added that the firm promptly notified those affected in accordance with data privacy regulations. Additionally, they took immediate action and implemented enhanced security measures, including password and key rotation.
“Importantly, user funds and assets are safe and secure,” Gonzalez assured.
Original article follows:
Locally licensed cryptocurrency exchange Coins.ph sent an email to affected customers about a data breach that happened on the platform. While Coins reassured that the funds remain secure, personal data such as names, contact details, birth dates, hashed passwords, and IDs have been potentially compromised, as per the email.
Upon verifying with various Coins.ph users, it appears that not all users have received this notification. This discrepancy suggests either pending communication from Coins.ph or that the breach impacted only a specific group of users, necessitating targeted outreach.
BitPinas has contacted Coins.ph for an official statement on the number of users affected by the breach.
In the email screenshot viewed by BitPinas from one of the affected user, as well as another user who contacted this website through LinkedIn, Coins said the following personal information have been breached:
- Contact Details
- Date of Birth
- Hashed Passwords
Coins stated that it has already taken immediate action and has tightened its cybersecurity and risk controls.
- Still, Coins.ph is urging affected users to change their passwords and enable multi-factor authentication for added security.
Coins.ph Full Email
We value your privacy and are reaching out to directly advise you of a recent data breach that resulted in the unauthorized access of personal information. Rest assured your funds are safe and secure, and no user assets were compromised. However, personal information such as your name, contact details, date of birth, hashed passwords and ID may have been affected.
In response to the incident, we have taken immediate action and implement enhanced security measures such as password and key rotation, and have tightened cyberseucrity and risk controls.
Affected users are strongly encouraged to change current passwords and use multi-factor authentication to safeguard accounts, this included utilizing email address, mobile number and Google Authenticator as additional security layers.
We sincerely apologize for any inconvenience this may have cause and are here to address any questions you may have. Our Data Protection Officer may be reached at email@example.com and firstname.lastname@example.org
The breach comes amid heightened concerns over the safety of crypto exchanges, following a recent exploit where Coins.ph reportedly lost over $6 million worth of XRP tokens.
- On October 21, BitPinas reported of a suspected hack at Coins.ph, resulting to the lost of 12 million XRP.
- Blockchain analytics firm Chainalysis confirmed with this website that the token’s movements can be investigated in their product.
This is a developing story.
This article is published in BitPinas: Coins.ph Suffers Data Breach: Personal Information Compromised
BitPinas articles on how to keep your accounts safe:
- Before investing in any cryptocurrency, it is essential that you carry out your own due diligence and seek appropriate professional advice about your specific position before making any financial decisions.
- BitPinas provides content for informational purposes only and does not constitute investment advice. Your actions are solely your own responsibility. This website is not responsible for any losses you may incur, nor will it claim attribution for your gains.