Company behind hardware wallet BitBox victim of email data breach

Last Updated: 22 July 2022

Due to a data breach at ActiveCampaign, bitcoiners also have personal information that is out on the street. It concerns a problem with software for marketing emails. Shift Crypto of the BitBox wallet shares the story in a press release.

Data leak at marketing software

The company has sent out an email to all those affected. It is a data leak in which email addresses and IP addresses have been leaked. It does not affect the hardware wallets BitBox02 and BitBoxApp itself.

All bitcoin listed here is safe. However, they do warn customers about possible phishing emails.

The ActiveCampaign team has confirmed that “an unauthorised party downloaded the email lists.” According to Shift Crypto, it did use 2FA on its accounts. What went wrong and how the ‘outsider’ gained access to this information is not known.

If you have ever ordered a BitBox, you could be receiving fake messages in your mailbox in the coming weeks.

We are investigating a data breach of ActiveCampaign, the service we used for marketing emails.

Affected data: Name/Alias, Email & IP address

Be aware of suspicious emails, as this data might be used for phishing attempts.

More details:https://t.co/sbDXToikXU

— Shift Crypto (@ShiftCryptoHQ) July 21, 2022

You need not fear that your home address has been leaked. According to the company, the BitBox shop is self-hosted, and all personal data is anonymised after 30 days.

However, a possible scenario is that the hackers will send a ‘fake update’ telling you to update the software of the hardware wallet. The recommendation from Shift Crypto is to keep the firmware on version 4.34.0 for a while longer. This was released on 20 June.

This is not the first time that data from a hardware wallet company has been leaked. In 2020, Ledger was the victim. For example, many bitcoiners received mail from the HEX-scam in the months that followed.