Iranian crypto exchange Bit24 disputes claims of KYC data leak incident
Bit24.cash, an Iranian cryptocurrency trade, denied claims that it uncovered the non-public recordsdata of its platform users due to a misconfigured storage gadget.
Alleged KYC recordsdata exposure
Earlier currently, Cybernews researchers reported that a security flaw on the platform led to the unintended exposure of its users’ Know Your Customer (KYC) recordsdata, at the side of IDs, passports, and bank card crucial facets, accessible to anybody due to misconfigured cloud storage containers.
The researchers warned that the leak exposes the platform users to threats of identification theft, phishing makes an are attempting, and false transactions.
Cybernews acknowledged the vulnerability has been addressed, with the storage now secured and inaccessible as of press time.
Bit24 is one amongst the main crypto buying and selling platforms in Iran. The Asian country is one amongst the few worldwide locations that has adopted a pro-crypto stance as portion of efforts to circumvent the sanctions imposed in opposition to it by Western superpowers.
Bit24 counters claims
In an electronic mail response to Cybernews, Bit24 denied the prevalence of the vulnerability following an inner investigation.
Hossein Amini, a security engineer at Bit24, asserted that the talked about misconfiguration is wrong and inconsistent with the platform’s gadget architecture and security protocols.
“The reference to a misconfigured MinIO instance granting obtain admission to to S3 buckets containing KYC recordsdata is wholly false and does no longer align with our gadget architecture or security protocols. We are able to substantiate that our MinIO setup and cloud storage containers stay stable, and there has been no unauthorized obtain admission to to any sensitive user recordsdata,” Amini reportedly acknowledged.
Bit24 has but to reply to CryptoSlate’s set up a matter to for additional commentary as of press time.
Recordsdata breaches in crypto
Meanwhile, incidents of recordsdata breaches are prevalent within the crypto sector because regulated platforms get private recordsdata all over registration. While these Know Your Customer protocols purpose to curb illicit actions, stable storage stays a valuable challenge.
Final year, CryptoSlate reported about several crypto entities, at the side of Bitcoin-essentially based totally fee platform Strike and monetary catastrophe claims agent Kroll, suffering breaches that printed their users’ recordsdata.
Source credit : cryptoslate.com