my first thought was "oh shit, what if they got tax IDs, physical addresses, and other filer info"? fortunately the breach doesn't actually look
that bad.
customers names, email addresses, payment processor profiles and messages sometimes containing cryptocurrency incomes.
To pay for subscriptions, premium users also enter billing information into Stripe, a payment processor. Stripe is connected to CryptoTrader.Taxs support center platform and shows customers email addresses and general locations, but it does not expose physical addresses or credit, debit and banking information, according to the Stripe website.
The hacker also accessed marketing communications, referral numbers, commission earnings and revenues from affiliates who promote the CryptoTrader.Tax service on websites and social media, according to the materials reviewed by CoinDesk and Kemmerer.
this is yet another reminder to use a different email address for every service though---if it gets leaked, no big deal.
One thing that also struck me:
The co-founder of the platform, David Kemmerer, also confirmed the breach and detailed that the data were compromised on April 7.
I suppose they weren't planning on telling anyone about it.
i noticed that and thought "thanks for waiting 4.5 months until the dump was found on the dark web to mention it"! but maybe they at least informed affected customers at the time. it's not 100% clear when they disclosed it:
CryptoTrader.Taxs security team investigated the breach and found tax filing account passwords and CryptoTrader.Taxs website were not compromised, Kemmerer said. The team then alerted parties affected by the breach and took steps to improve security measures and monitoring systems across internal and third-party applications, Kemmerer said.
