Attention, personal data leak at Uphold

I created this little post to alert to a (more than very) probable personal data leak at Uphold.

Indeed I received two crypto scam emails, one from supposedly crypto.com and the other from metamask…
Well, so far nothing really “abnormal”, you will tell me, except that the two emails arrived on aliased addresses, containing aliases created for and only used with Uphold.
So I warned Uphold. They are brandishing their policy of non-disclosure of personal data to tell me, in the subtext, that no, they are not the ones who released my information on the web, while these two simple scam emails prove to me that there’s something wrong with them: whether it’s a computer flaw, an employee who makes ends meet, or they’re lying to me, the fact is that it comes from them.

So people beware of your data and even more so of scams.



A little bit of explanation:

For those who don’t know the alias system for emails, and why it allows me to say that Uphold has lost my data in the wild: for example, when you create an account on the Brave forums you can use as an e-mail address:
[email protected]
or add an alias to it to follow a possible leak and facilitate the sorting of emails received:
[email protected]

Therefore emails from the Brave forum will be sent to [email protected], and only the Brave forum will have an address with +commubrave in it and will send me messages with this alias.
So if by chance I receive messages from senders other than the Brave forum at the address containing this alias, it is the entity where the alias was used which is the source of the leak. Simple and effective.

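The alias check described in the post above, as an added example that is not part of any post in this thread: it reads the recipient and sender headers of received mail and reports every message that reached a tagged alias from a sender other than the service the alias was given to. The `+commubrave` tag comes from the post; the addresses, the `uphold` tag, the `ALIAS_OWNERS` registry and the sender domains are constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed registry (assumption): alias tag -> domains entitled to use it.
ALIAS_OWNERS = {"commubrave": {"brave.com"}, "uphold": {"uphold.com"}}

def alias_tag(address):
    """Return the tag of user+tag@domain in lower case, or None."""
    local = address.rpartition("@")[0]
    _, plus, tag = local.partition("+")
    return tag.lower() if plus and tag else None

def domain_matches(domain, owners):
    """True if domain is an owner domain or one of its subdomains."""
    return any(domain == d or domain.endswith("." + d) for d in owners)

def find_alias_leaks(raw_messages):
    """List (tag, sender_domain, subject) for mail that reached an alias
    from a sender other than the service the alias was given to."""
    leaks = []
    for raw in raw_messages:
        msg = message_from_string(raw)
        rcpts = getaddresses(msg.get_all("Delivered-To", []) + msg.get_all("To", []))
        tags = {alias_tag(addr) for _, addr in rcpts} - {None}
        sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
        for tag in sorted(tags):
            owners = ALIAS_OWNERS.get(tag)
            if owners and not domain_matches(sender, owners):
                leaks.append((tag, sender, msg.get("Subject", "")))
    return leaks

# Constructed sample messages; subjects 2 and 4 are the ones quoted in the thread.
SAMPLES = [
    "From: Brave Community <noreply@community.brave.com>\n"
    "To: user+commubrave@example.com\nSubject: Welcome\n\nbody",
    'From: "MetaMask" <support@wallet-notice.example>\n'
    "To: user+uphold@example.com\nSubject: important message from MetaMask\n\nbody",
    "From: Uphold <no-reply@uphold.com>\n"
    "To: user+uphold@example.com\nSubject: Your statement\n\nbody",
    'From: "Exodus" <info@merge-assets.example>\n'
    "Delivered-To: user+uphold@example.com\nTo: user+uphold@example.com\n"
    "Subject: Exodus - Merge your assets\n\nbody",
]

if __name__ == "__main__":
    for leak in find_alias_leaks(SAMPLES):
        print(leak)
```

The `From` header can be forged, so a scam that spoofs the alias owner's domain is not flagged here; check the receiving server's `Authentication-Results` header before treating a match as genuine.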

@Nomen_Niesco can you provide more context around what Uphold said after you reached out? Thank you.

Of course, I’ll quote the responses from support (minus the sensitive information):

Uphold Support

Hi ,
Thank you for contacting Uphold, my name is Danya and I’ll be escalating your issue.
I understand this is a sensitive matter. I’ve assigned your ticket to the appropriate department, so that a specialist can take a better look at your issue.
Please stand by, as one of my teammates will get back to you shortly.

Sincerely,

Danya and the Uphold Team

Uphold Support

Hi ,
We understand that you’ve received 2 cryptocurrencies scam emails.

We would just like to give you a heads up that Uphold will not ask for your personal information outside the Mobile app or Web wallet.

We would also like to let you know that Uphold prioritizes its user’s personal information so we can assure that Uphold will never leak your email address outside Uphold.

If you have further questions, please don’t hesitate to contact us back.

Sincerely,

Angelo and the Uphold Team

So, Uphold persists and stands by how it handles my warning, continuing to affirm to me that they respect the data and the privacy of their customers thanks to their internal rules (which only have the value of the confidence one places in them), and that, more than 20 days after my first report, they passed the information to their security team… almost a month later… When one has an idea of the speed of propagation of information on the web, and worse, of a hacked DB, it’s done for, it’s saved everywhere.

In short, I made a request to close my account. Their answers are too much about communication and damage control while deliberately remaining vague about the actions they were going to take, taking me for a noob, not understanding that two addresses linked and used only with them, and only with them, ended up in the wild. I no longer trust them at all.

You are warned. Make of this information and my case what you want, take it seriously or not, it’s up to you; I’m only an anonymous person on a forum after all.

Her last answer (remember, it’s almost a month later…) :

Hi ,

I understand you’re concerned the email address you’ve registered on Uphold has been leaked in a data breach and you’d like us to investigate this further.

We always keep your information and funds safe according to our security procedures which you can find more about using the link below:

https://uphold.com/en-gb/get-started/security

Nevertheless, I’ve reached out to our Information Security team to review your case and I’ll be back in touch once I’ve heard back from them.

In the meantime, if you feel you’ve received a phishing email, please do not click on any links and remember to block the sender, and mark it as junk/spam. If you’re concerned your account has been compromised in any form, please get in contact with us ASAP.

Thanks in advance for your patience. Please let me know if you have any further questions in the meantime.

Best regards,
James and the Uphold Team

I can confirm this happened to me as well, with a custom domain email address, thus I’m able to trace it back to Uphold.

For me, 2 of 3 phishing emails I still have in my inbox are:

They all pretend to warn the user about “Upgrade failure Your wallet has failed to complete the new Ethereum Merge.” and ask the user to “complete the merge manually” via a link that has the text or the respective service’s URL as text but actually links to pixelme.

Some Google searching led me to an Uphold Notice of Data Breach PDF doc from mass.gov: https://www.mass.gov/doc/assigned-data-breach-number-28048-apto-payments-inc/download

WHAT HAPPENED?
On June 11, 2022, a third-party maliciously misused privileged credentials to gain access to your account information held at our card processor. After becoming aware of the incident, we and our card processor took steps to immediately restrict further access to your information.
We launched a forensic investigation and determined that the unauthorized person accessed and downloaded data from a server containing limited personal information that you provided us for purposes of servicing your cardholder account.

WHAT INFORMATION WAS INVOLVED?
The types of personal information that the unauthorized third-party may have obtained included your name, address, phone number, email address, a reissued debit card number, and a one-time-passcode that can be used to link that debit card to a digital wallet.

I don’t have any Uphold debit card product as mentioned in the PDF though, so I’m not sure if this is indeed “a recent security incident at our card processor that involved the disclosure of your personal information.” mentioned in the PDF.

I can confirm this. I also receive scam mails to my address specially created for Uphold.

“important message from MetaMask” from 28.11.2022
“Exodus - Merge your assets” from 23.12.2022
2x "Trezor.*o -Upgrade failure " from 29.12.2022

I contacted both times directly after that “[email protected]”. Not one mail was answered why my uphold mail is affected. Very strong support from Uphold. Not.

I did not have a debit card either @DH3mQn82

Got two more today


Party Party

[email protected]
[email protected]
[email protected]
ceo@forum(t)echnologies.in


PS: Why was this thread set to private? I only came to this page because I explicitly searched for “Uphold leak”. The thread is hidden in the forum overview.

Is this thread private? I didn’t set anything for it to be, besides I didn’t even know that this option existed.
Any idea where or how it could be played in public?
(if I have a hand on this kind of setting)


@Nomen_Niesco


Oh, I see, it’s not from me and I don’t find any way to change that, sadly.


Yeah, I just found this because of a link on Reddit. For things to be unlisted, it’s done by moderators. Most likely it was unlisted because of how things are phrased. For example, “personal data leak at Uphold.” But there’s no proof or anything that there was a personal data leak at Uphold. So as people often jump to FUD (fear, uncertainty, and doubt), it ended up being delisted as it’s an accusation with little grounding.

Other issue to it is kind of like what I just shared in a new post that just brought my attention to this today, which you can see at Uphold leaking data?

While the content of the emails definitely seems shady and like pure scams, it is important to realize that Uphold’s privacy policy does state they can share or sell your data. They even list who they sell or share it with. Among those are Facebook, Google, and Adroll. They also give you ways to remove your data from that and to opt out of them sharing your data.

Unfortunately, many people never actually read these things. Again, it’s hard to say if this sharing or selling of data to those partners is what resulted in the emails you received, if there’s a leak somewhere, or even if the emails received might have been discovered elsewhere (such as the email provider themselves).

Hello @Saoiray,

Thanks for your feedback, also in the other thread.

I had to laugh at the answer from Uphold. “could you be a bit more specific on the question”

I have sent Uphold several mails since November, to different addresses. EVERY mail was ignored. I have clearly asked where these mails come from. It could not be clearer. So much for “more specific”.

I work with different addresses for a reason. Therefore I know very well which buttons I set for a registration.

Even if data is sold: Come on. It can’t be in the sense of UpHold that customers receive mails which are disguised with exodus.com and trezor.io in the direction of “pxlm.me/ref”.
See link, bottom left corner
https://i.imgur.com/I0ggJ9X.png
https://i.imgur.com/GzWZj8p.png

@Wohntan Yeah, Uphold’s response from their “Data Protection Team” is very sad. Anyway, the last/latest from them is:


This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.