Data leak
Byte Federal Bitcoin ATM - GitLab Vulnerability Breach
Primary Source βIncident Details
US Bitcoin ATM operator Byte Federal (which operates 1,200+ ATMs nationwide) was breached on 30 September 2024 via a GitLab vulnerability but did not detect the incident until 18 November 2024. Disclosed publicly 12 December 2024. 58,000 customers’ names, addresses, phone numbers, government-issued ID details, Social Security numbers, transaction data, and photographs were exposed. No customer funds or digital assets were compromised. Byte Federal reset all customer accounts and passwords upon discovery.
Technical Details
- Initial Attack Vector
- Attacker exploited an unpatched GitLab vulnerability to gain access to a Byte Federal server hosting customer data
- Vendor / Product
- GitLab
Timeline
- 2024-09-30 Breach occurred
- 2024-12-12 Publicly disclosed
- 2024-12-12 Customers notified