A seller on Raid Forums, an online market for stolen data, has been hawking an alleged database containing the personal info of about 4.8 million Paxful customers and staff at the peer-to-peerexchange.
The seller, who goes by the handle “mafufi,” claims to have first and last names, birth dates, email addresses, addresses, and passwords of Paxful clients. Mafufi posted a sample of employee data today and asked for 1 BTC (about $58,000) for the entire database.
But it’s not real, said Paxful CEO Ray Youssef via Twitter, who stated: “No user data was leaked, no breach was ever made of our users!” According to Youssef, “The data they had was old employee records from a payroll site we no longer use.”
Youssef’s statement backs up some of the skepticism mafufi encountered when trying to sell the data. Users pointed out that Paxful hadn’t reported being breached and that 1 BTC seemed a low figure for such a large leak. A site administer interjected with “DWC,” presumably shorthand for “deal with caution.”
The claim caused a stir on Twitter, with some worried this was further proof that know-your-customer and anti-money laundering regulations, which require exchanges to collect customer data, leave customer info exposed.
Not to worry, apparently. “I asked seller to parse 1 user info from database, he failed,” wrote a Raid Forums user. “Clearly a scam.”