Crypto App Shakepay Reveals Data Breach Affecting a ‘Small Number’ of Customers

In a recent announcement, Shakepay, the Canadian crypto app, disclosed a data breach involving unauthorized access to the personal information of a select group of its customers. The breach, detected on Dec. 13, 2023, compromised data but did not affect any bank accounts, crypto wallets, or customer credentials.

Shakepay Addresses Data Breach Concerns, Offers Free Credit Monitoring to Impacted Users
The breach at Shakepay, which offers commission-free services for trading bitcoin (BTC) and Ethereum (ETH), was identified following unusual activity on an employee’s work device. Shakepay’s security team quickly responded, deauthenticating and removing the compromised device from their network. This action was part of the company’s incident response protocol, aimed at minimizing the impact of such breaches.

Shakepay’s investigation revealed that the breach, active between March and December 2023, resulted in the extraction of personal details of a small customer segment. Potentially exposed information includes names, emails, addresses, birth dates, phone numbers, occupations, trusted contacts, account balances, and transaction history. This incident highlights the growing challenges faced by digital currency platforms in safeguarding user data.

Several individuals on the social media platform complained. “Nobody can protect your data,” one person responded to Shakepay’s announcement on X (formerly Twitter). “I don’t care how good of a company you are. The weak link employee will get owned. KYC information = future stolen information. Also March to December? That's bad opsec.” Another person wrote:

So your company is responsible for doing a bunch of people that trusted you.

Following the breach, Shakepay said it advised customers to be vigilant of fraudulent activities. Recommended protective measures include upgrading to stronger account security methods like two-factor authentication, being cautious of suspicious communications, and changing passwords. The company has emphasized the importance of logging in only through official channels and using unique, strong passwords.

To support affected customers, Shakepay disclosed the company has implemented additional security measures and is offering two years of free credit monitoring to help mitigate risks of identity theft. The company has established a dedicated email address for affected customers and is actively engaging with law enforcement and regulatory authorities to investigate the breach and prevent future incidents.

“Your trust is the most important thing for us at Shakepay and we will do everything we can to maintain it,” the company’s message concluded. “Please know that the security of your money and personal information is always our top priority, and we continue to carefully monitor the situation and use every recourse to protect your data and pursue bad actors.”

What do you think about the Shakepay data breach incident? Share your thoughts and opinions about this subject in the comments section below.