Strike reports data leak of customer emails after initially denying any issues
Take action: Denying an incident after the data has leaked is both pointless and stupid. The evidence is out there and all you are doing is losing credibility. If you are working with a company that does such denials, reconsider whether you want to work with them.
On a recent Tuesday, the Bitcoin-centric payment application Strike, spearheaded by Jack Mallers, faced a media probe regarding an alleged leak of its customer database. The company's initial response was a staunch denial of any breach, with a representative stating, "There’s no evidence that Strike was breached."
However, this claim was quickly challenged by crypto analyst ZachXBT, who posted what he claimed was proof of the breach in a Telegram group.
The reality of the breach quickly became apparent as Strike users began to report receipt of scam emails, which were sent to email addresses exclusively used for their Strike accounts. These phishing attempts included deceptive emails impersonating reputable crypto platforms like Etherscan and OpenSea.
Subsequently, in a matter of hours, Strike conceded to its users that a third party had indeed compromised its email list:
"Hi We're reaching out to inform you that the email address to which this email was sent (and that you used to sign up for a Strike service) may have been leaked by a third party vendor. There is no evidence that Strike itself was breached. The email address was the only piece of information exposed by the third party vendor. We are no longer working with the third party vendor we believe to be responsible. As always, we strongly advise exercising caution when opening emails from unfamiliar addresses, maintaining vigilance around identifying phishing attempts, and verifying the legitimacy of the domains to which you are directed before taking any action, as scam websites and links may look similar to real websites."
No further details about the nature of the breach or the number of affected individuals were disclosed.
This event marks yet another instance where Strike and its CEO, Jack Mallers, have diverged from the truth regarding the firm’s internal affairs, such as statements about the use of Bitcoin for everyday purchases at major retailers, which never happened, or the unreported substitution of fiat U.S. dollars with the Tether stablecoin.