Oddbean new post about login | logout Hey. Yep I’m behind Altas21. The rumor is unconfirmed yet but honestly it’s very difficult to define it only as a “rumor”. The day after the news came out, someone published a script to try a brute force attack with the password “123456” on Chivo’s server. The script works and the server responds. The timing is suspect, at least.
Is it really a brute force if the only password they use is 123456 and it's directed against one server? I read that people correlated the information with whatever information you need to sign up with Chivo but I also find that odd, won't most applications (especially banking related) collect mostly the same data? I'll call it a rumor until someone can prove that it came from Chivo's database. Also, looks like you need a link to your nostr profile here: https://atlas21.com/author/federico-rivi/
There’s also another coincidence: the number of Chivo’s downloads and the the number of people involved in the data leak. In my country they say: “three coincidences make a proof”, which is obviously not true, but it’s at least highly, highly, highly suspicious.
New evidence came out last night https://atlas21.com/el-salvador-group-of-hackers-publishes-chivo-wallet-atm-code/
Thanks for keeping us updated🤙
Update: Chivo responded but didn’t provide actual answers. https://atlas21.com/chivo-our-users-data-are-safe/