Recently, a significant data security incident involving the blockchain-based lending platform Figure has impacted close to one million users, as reported by a cybersecurity expert.
Last week, Figure acknowledged that a data breach enabled unauthorized access to "a limited number of files" within its system. However, the company did not disclose specific details regarding the nature of the stolen data or the total number of customers affected.
On Wednesday, Troy Hunt, a well-known security researcher and the founder of the data breach notification service, analyzed the compromised data and discovered that it contained approximately 967,200 unique email addresses linked to Figure's customers. Additionally, the data set included personal information such as customer names, birth dates, physical addresses, and phone numbers.
Despite inquiries, Figure has not provided a comment regarding the incident or whether it disputes Hunt's analysis of the data breach.
The cybercriminal group known as ShinyHunters claimed responsibility for the attack on Figure. They reportedly released 2.5 gigabytes of the stolen data on their leak website, where they publicly shame their targets and disclose stolen information if the companies do not comply with their demands.
