A hacker compromised Unicoin’s Google Workspace (formerly G-Suite) account and changed the passwords for all company employees, locking them out of their corporate accounts for days.
Unicoin is an asset-backed, audited, and publicly reporting cryptocurrency project. It is the official token of the “Unicorn Hunters” business series, focused on providing novel investment opportunities.
In a filing to the U.S. Security and Exchanges Commission (SEC), the company says that after gaining access to its Google account, the threat actor modified the passwords, thus dnying employee access to all services in the environment, including Gmail and Drive.
Unicoin says that it managed to restore access for its staff to G-Suite about four days later, on August 13.
“On August 9, 2024, Unicoin Inc. detected an unknown threat actor had gained access to the Company’s Google G-Suite account and changed passwords of all users of the Company’s G-Suite products (i.e., G-Mail, G-Drive and other related G-Suite functionality), thereby denying access to all users having an “@unicoin.com” email address,” reads the SEC Form 8-K filing.
“On or about August 13, 2024, the company was able to remove the threat actor’s access to the G-Suite accounts and restore access to its internal users.”
During this time, the threat actor could freely access confidential information present in internal communications.
The company is still assessing the extent and impact of the incident but has already found the following evidence of data access, manipulation, and fraud attempts:
- Discrepancies were found in the personal data of employees or contractors within the accounting department.
- Evidence of compromised communications was found, specifically hacked messages and email accounts of certain company managers.
- Identity forgery was detected for one of the contractors, leading to their termination.
Despite the breach of the company’s cloud environment for productivity and collaboration, Unicoin does not believe that the event will have a material impact on its financial status and has seen no evidence of crypto assets or cash losses linked to the event.