Bit24.money, an Iranian cryptocurrency change, denied claims that it uncovered the non-public data of its platform customers as a result of a misconfigured storage system.
Alleged KYC knowledge publicity
Earlier as we speak, Cybernews researchers reported {that a} safety flaw on the platform led to the unintended publicity of its customers’ Know Your Buyer (KYC) knowledge, together with IDs, passports, and bank card particulars, accessible to anybody as a result of misconfigured cloud storage containers.
The researchers warned that the leak exposes the platform customers to threats of identification theft, phishing makes an attempt, and fraudulent transactions.
Cybernews stated the vulnerability has been addressed, with the storage now secured and inaccessible as of press time.
Bit24 is likely one of the main crypto buying and selling platforms in Iran. The Asian nation is likely one of the few nations that has adopted a pro-crypto stance as a part of efforts to circumvent the sanctions imposed towards it by Western superpowers.
Bit24 counters claims
In an e mail response to Cybernews, Bit24 denied the incidence of the vulnerability following an inner investigation.
Hossein Amini, a safety engineer at Bit24, asserted that the talked about misconfiguration is fake and inconsistent with the platform’s system structure and safety protocols.
“The reference to a misconfigured MinIO occasion granting entry to S3 buckets containing KYC knowledge is wholly unfaithful and doesn’t align with our system structure or safety protocols. We are able to verify that our MinIO setup and cloud storage containers stay safe, and there was no unauthorized entry to any delicate consumer knowledge,” Amini reportedly stated.
Bit24 has but to answer CryptoSlate’s request for added commentary as of press time.
Knowledge breaches in crypto
In the meantime, incidents of knowledge breaches are prevalent within the crypto sector as a result of regulated platforms collect private knowledge throughout registration. Whereas these Know Your Buyer protocols goal to curb illicit actions, protected storage stays a major problem.
Final yr, CryptoSlate reported about a number of crypto entities, together with Bitcoin-based fee platform Strike and chapter claims agent Kroll, struggling breaches that exposed their customers’ data.
