I created this little post to alert to a (more than very) probable personal data leak at Uphold.
Indeed I received two crypto scam emails, one from supposedly crypto.com and the other from metamask…
Well so far, nothing really “abnormal” will you tell me, except that two emails have arrived on aliased addresses, containing aliases created and only used with and on Uphold.
So I warned Uphold they are brandishing their policy of non-disclosure of personal data to tell me in the subtext that no, they are not the ones who released my information on the web while these two simple scam emails prove to me that 'there’s something wrong with them, whether it’s a computer flaw, an employee who makes ends meet or they’re lying to me, the fact is that it comes from them.
So people beware of your data and even more so of scams.
A little bit of explanation:
For those who don’t know the alias system for emails, and why it allows me to say that Uphold has lost my data in the wild, for example when you create an account on the brave forums you can use as an address E-mail:
[email protected]
or add an alias to it to follow a possible leak and facilitate the sorting of emails received:
[email protected]Therefore emails from the Brave forum will be sent to [email protected] And only the Brave forum will have an address with +commubrave in it and will send me messages with this alias.
If by chance therefore, I receive messages from senders other than the brave forum at the address containing this alias, it is the entity where the alias was used which is the source of the leak, simple and effective.