Purse Temporarily Shuts Down Site to Investigate Security Breach
Hacking scandals have swept the commercial retail and digital currency sectors for the least three years, and it doesn’t seem to be letting up.
Hacking scandals have swept the commercial retail and digital currency sectors for the least three years, and it doesn’t seem to be letting up. Purse.io, the relatively new P2P service provider that links Bitcoin to Amazon, has allegedly lost the Bitcoin funds of many of its users, causing the site to shut down on Sunday.
2 Ways to Handle the Problem
When a relatively new company runs into a fairly large public relations problem, there are two ways to handle it. Own up to it, and admit culpability.
Luxury automaker Lexus did just this back in 1990 when faced with a decent-sized recall in their first year. Lexus not only admitted the mistake, but took it as an opportunity to show off its customer service chops, sending techs out to its customers personally to provide transport and fix the problems swiftly, regardless of where the customers were.
Unfortunately, Purse.io is not heading in that direction.
Purse users sounded the alarm on Reddit’s r/Bitcoin forum this weekend, with many users claiming to have received an email request from Purse.io to change their password. This was quickly followed by an unauthorized withdrawal request and confirmation. Losses ranged from less than a bitcoin to 36 BTC in one case.
Purse.io’s response so far has been to first shut down the site for several hours, under the “maintenance” moniker. Then publish a blog post mentioning the security issue, but denying any losses of Bitcoins by its users, in fact, contradicting their reports. The company stated:
“Current information leads us to believe that one of our third-party email service providers was compromised causing unauthorized password resets for some users. We discovered this quickly, secured funds, and reset tokens for affected users. All funds are secure, and service has been resumed.”
The company claims the issue was tied to not using 2FA, or two-factor authorization, which also runs counter to the reports of its account users. Aaronsta1 on Reddit said the following, replying to the experiences of other Purse.io users over the weekend:
“same here. it's not your computer..my account had 2fa enabled. I got an email saying my coins were withdrawn and my current order was underpaid. I was able to log in to change my password and see my account showing 0.00$ when the site went offline. I emailed support, they replied. Looking into this...stay tuned.”
Have you experienced issues with Purse.io lately? Please share and comment in the section below.