A cryptocurrency platform exposed sensitive data of 25,000 users [source: hackread]

Bezop, a cryptocurrency startup, exposed highly personal details of more than 25,000 of its investors online, leaving them publicly accessible to anyone with an Internet connection.

The platform, which is supported by John McAfee, left the personal details exposed due to an unprotected MongoDB database. The exposed data included full names, email addresses, physical addresses, wallet information, encrypted passwords, and copies of driver’s licenses and passports.

The database was discovered by researchers at Kromtech Security on March 30th, 2018, but Bezop itself claims that the data was exposed in January this year and that affected investors were already informed.

However, once the reports emerged online, the company updated its blog post and stated that in January 2018 unknown malicious hackers conducted a DDoS attack on Bezop's cyberinfrastructure and that, additionally, some security flaws led to the exposure of user data.

On the other hand, Bob Diachenko, Kromtech’s Chief Communication Officer, stands by their findings and says that they discovered the data on March 30th. Nevertheless, an exposed MongoDB means business for cybercriminals: just a month ago it was reported that malicious attackers are taking over unprotected MongoDB databases and holding them for ransom.

In one of the cases, Kromtech researchers tested the sophistication of attackers targeting MongoDB databases. In the test, attackers not only took over the honeypot MongoDB database but also wiped out 30GB of fake data before leaving a ransom note. All this was done within 13 seconds.

Therefore, whether the Bezop incident took place in January or March, the point to focus on is that it could have been worse for the company if the database had been taken over by hackers. It must be noted that this is not the first time Bezop has been caught up in controversy. A few months ago, the company sent usernames along with passwords in cleartext format.
