Based on the email below, it is good that blockfi.com notified its users of the activity. The key information you should pay attention to is:
Account Information in your BlockFi account that was accessed during the incident is data we typically use for marketing purposes: Name, Email Address, Date of Birth, Postal Address, Activity History
Account Information in your BlockFi account that was NOT accessed: Social Security Number, Tax Identification Numbers, Passports, Licenses, Passwords, Bank Account Information, Account Preferences, Photos uploaded for identification purposes
Many people would ask: is this a hack or not? A hack is a hack, no matter how small or big it is, what information was exposed (even just a name), or whether it was internal or external. In other words, this is a hack. So there will be more hacks to follow, since the intruder already got into the system, and who knows what else was installed while the hacker was in. Backdoor software could be hidden and triggered later, whenever it is needed. Who knows whether the blockfi.com platform has now been compromised, with the hacker just waiting for the right time to trigger it one way or another?
Anyhow, it does not matter which platform you’re using; this can happen at any exchange or similar platform. What matters is immediate communication and follow-up fixes. However, it has been known for these hacking activities to lead to more hacks, or to more findings about a hack originally thought to be small that eventually turned out to be big, as with Mt. Gox.
Keep in mind that blockfi.com’s fine print says they will not be responsible if their platform is hacked and all funds are lost. In other words, blockfi.com can say they were hacked, that the hacker stole all their funds, and that they are not responsible for giving you back your investment; all is lost. Read the fine print and you will see it. Although it says that some coins are in gemini.com cold storage, how much? We don’t know, or whether any are for that matter, since it’s not transparent. So be careful. DO NOT INVEST MONEY YOU CANNOT AFFORD TO LOSE.
On Tuesday, May 19, 2020, 08:36:51 AM EDT, BlockFi <[email protected]> wrote:
Dear Valued BlockFi Client,
On May 14th, there was a data incident at BlockFi that exposed certain client account information for a brief period of time. While no information was accessed that would enable the intruder to access your account or your funds, we believe it is in the interest of transparency to share the following details with you, and all of our other clients who were potentially affected.
Your funds, passwords, and non-public identification information are secure and no BlockFi client or company funds were impacted or at risk. No action is required by you.
This email contains:
A summary of what happened
What it means for you and our recommended next steps
The actions we took and our next steps
Unauthorized activity occurred in our system for about an hour on May 14th.
Account Information in your BlockFi account that was accessed during the incident is data we typically use for marketing purposes: Name, Email Address, Date of Birth, Postal Address, Activity History
Account Information in your BlockFi account that was NOT accessed: Social Security Number, Tax Identification Numbers, Passports, Licenses, Passwords, Bank Account Information, Account Preferences, Photos uploaded for identification purposes
What this means for you
Your BlockFi account, funds, and ability to take action in our system remain fully available. No funds were lost or at risk and no action is required by you.
However, we strongly recommend using best practices to secure your account including enabling two factor authentication (2FA) and whitelisting in your profile settings. Read more about how to set up these security features here.
The actions we took and our next steps
We quickly terminated the intruder’s access to BlockFi’s internal system and are taking the following steps to prevent such incidents from happening again:
Released immediate security updates to BlockFi’s systems, aimed at further securing marketing-related data
Implemented security updates to employee cell phones to further prevent risk of cell phone network vulnerabilities
While there was no risk to account access or to your funds, we believe that communicating with you is the right thing to do. One of our company values is “Transparency Builds Trust” and in the interest of disclosing as much information as we can we have published a more detailed incident report available here.
We are constantly reviewing and improving our systems and security processes and will be accelerating efforts in a number of areas as a result of this activity. Unfortunately, data incidents are a constant concern for companies across all industries and, with its growth, the cryptocurrency sector is increasingly targeted. In addition to ongoing development of our systems, we are actively researching options for us to contribute to the cybersecurity efforts of the cryptocurrency industry more broadly.
We are available to answer any questions that you may have related to this incident at [email protected]. Thank you for your continued support.
The BlockFi Team
Rates for BlockFi products are subject to change. Digital currency is not legal tender, is not backed by the government, and BIA accounts are not subject to FDIC or SIPC protections. Cryptoassets are deposited into an account with Gemini or BitGo, our primary custodians and licensed depository trusts.
For more information, please see BlockFi’s Terms of Service.