Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

Bitrefill customer purchase records customer data exposed after Bitrefill breach

Data Leak
First reported
Last updated
Happening score
H score 21
1 unique sources, 1 articles

Summary

Hide ▲

Bitrefill suffered a data leak that exposed about 18,500 purchase records, putting customer email addresses, IP addresses, and cryptocurrency payment addresses at risk. Some records also included customer names, widening the privacy and abuse exposure. The leak was uncovered during a March 2026 breach investigation, and the data may have been reachable in decrypted form if the reported keys were obtained.

Related Happenings

Bitrefill hit by network compromise

Incident
First: 19.03.2026 19:08 Last: 19.03.2026 19:08 Sources 1

How related: On March 1st, Bitrefill announced technical issues affecting access to its website and app. A day later, the company disclosed that it had identified a security issue and took all services offline.

About this happening: **Bitrefill** suffered a **cyberattack** that forced its website and app offline and left restoration still in progress, making it the platform’s most serious security event to da...

Open Happening

Timeline

  1. 19.03.2026 19:08 1 articles · 2mo ago

    Bitrefill website and app experience technical issues

    Initial Disclosure

    Bitrefill's website and app experienced technical issues on March 1, interrupting access to the platform while the company worked to understand the problem.

    Show sources
    Open in new tab
  2. 19.03.2026 19:08 1 articles · 2mo ago

    Bitrefill takes services offline after security issue

    Mitigation Patch Update

    One day after the initial disruption, Bitrefill said it had identified a security issue and took all services offline while restoration efforts continued.

    Show sources
    Open in new tab
  3. 19.03.2026 19:08 2 articles · 2mo ago

    Bitrefill investigation finds compromised laptop and exposed records

    Technical Analysis Update

    During the investigation update on March 19, Bitrefill said the breach originated on a compromised employee's laptop, legacy credentials were used to reach a snapshot with production secrets, access later expanded to parts of the database and cryptocurrency wallets, and about 18,500 purchase records were exposed, including 1,000 purchases with customer names.

    Show sources
    Open in new tab
  4. 19.03.2026 19:08 1 articles · 2mo ago

    Bitrefill links breach to Bluenoroff and Lazarus activity

    Attribution Update

    Bitrefill said indicators from the investigation matched prior DPRK Lazarus / Bluenoroff attacks, citing the modus operandi, malware, on-chain tracing, and reused IP and email addresses, and concluded the attackers were likely after cryptocurrency and gift card inventory rather than customer data.

    Show sources
    Open in new tab