The data breach that hit blockchain-based lending giant Figure affected nearly a million customers, according to a security researcher.
Last week, Figure confirmed a data breach allowed hackers to steal “a limited number of files” from its systems. The company did not provide specifics on what kind of data was stolen nor say how many customers were affected.
On Wednesday, Troy Hunt, a security researcher and creator of the data breach notification site Have I Been Pwned, analyzed the data allegedly taken from Figure and found it contained 967,200 unique email addresses associated with Figure customers.
The data also included customer names, dates of birth, physical addresses, and phone numbers.
Figure did not respond to a request for comment, and to ask if the company disputes Hunt’s findings.
The cybercrime group ShinyHunters told TechCrunch last week that it was to blame for the cyberattack targeting Figure. The group published 2.5 gigabytes of data allegedly stolen from Figure on its leak website, where the hackers shame their victims and publish stolen data if they fail to extort the hacked companies.