~ !! This is a Warning To ANYONE EVERYONE doing KYC at any exchange !! ~
You know what? I requested ALL data collected by Coinbase (as per GDPR rulebook). Opened my account with them 4 years ago. They took 3 weeks to process the data into a BIG chunk zip file, and sent it to me via email. For God sake, this ZIP wasn’t even encrypted with a password lock when sent to me by email. It contained the following:
Identity Images: 91 Images of my ID cards shot from different angles (included a few failed attempts during registration). Perhaps, they made copies of it for internal use, during initial KYC procedure. Personal Identification: Full name, Home address, Email, phone number, Location Personal checks: Copy of bank statements, electricity bill, salary slip, etc. submitted Golden text: A 2.1 MB text file (consider it huge), that included (very clearly): All my written email communication with customer service in the past 4 years, including any notes they have made there-in. Transactions: All transactions ever sent/received from all wallets, with timestamps. Wallets: All registered wallet addresses for all coins Net worth: Account balance of my account (aka. net worth) at each instant, as money moved in/out (with auto-generated remarks). Details of all the cards ever used for payment, incl. bank cards, credit/debit cards. The first 6 and last 4 digits of card, incl. issuer country, incl. issuer and my personal address on which this card was registered (don’t know how they get this info?). IPs: All IPs logged in last 4 yrs, platforms used, browsers used, with timestamp for each. Web Activity data: Description of online activity data collected by Coinbase and 3rd parties, incl. Geographical location (Latitude/Longitude), and last seen If you were ever logged in with another email account, while using Coinbase? They also log in that email (even if it has nothing to do with exchange account).
And the funniest part, customer service team, from Coinbase sent me this zip file. This is shit scary!!
What should you do:
From now on, be very conscious of using exchanges that ask for KYC. OR use it to a minimum. If you care for your privacy, future or your family, slowly seek out decentralized exchanges. Atleast, they are coming! Do NOT verify any external wallets by video screen, if they do (e.g. Bitvavo in Europe, is one example). Move out of such stupid exchanges. Use a VPN, for God Sake! It makes you anonymous online! Mullvad VPN or NordVPN, are great options! Use privacy email ID, like protonmail or tutanota. These emails are encrypted just for the future. Try not to use Gmail, etc. Have a separate email ID for financial use. If ever your email gets hacked, you have a centralized bottleneck.
PS: Note, they CANNOT delete your data. Only upon your request, they would consider keeping your data for at least 5 years (and more if needed) and shall submit this data to authorities, if a request ever comes in. Basically, your personal data is their data now.
Just imagine, this goes to unauthorized hands, bad actors, incl. Govt. and to dark web. Wat ya gonna do then? Too late. This is cryptocurrency, not your social playbook. The consequences for you can be worse than Facebook data breach, in the past.
PS: Please kindly spread this information so others are aware and save themselves some ruck!
submitted by /u/aFungible
[link] [comments]