Bit24.money, an Iranian cryptocurrency trade, denied claims that it uncovered the non-public data of its platform customers resulting from a misconfigured storage system.
Alleged KYC knowledge publicity
Earlier immediately, Cybernews researchers reported {that a} safety flaw on the platform led to the unintended publicity of its customers’ Know Your Buyer (KYC) knowledge, together with IDs, passports, and bank card particulars, accessible to anybody resulting from misconfigured cloud storage containers.
The researchers warned that the leak exposes the platform customers to threats of id theft, phishing makes an attempt, and fraudulent transactions.
Cybernews mentioned the vulnerability has been addressed, with the storage now secured and inaccessible as of press time.
Bit24 is among the main crypto buying and selling platforms in Iran. The Asian nation is among the few international locations that has adopted a pro-crypto stance as a part of efforts to avoid the sanctions imposed towards it by Western superpowers.
Bit24 counters claims
In an e-mail response to Cybernews, Bit24 denied the prevalence of the vulnerability following an inside investigation.
Hossein Amini, a safety engineer at Bit24, asserted that the talked about misconfiguration is fake and inconsistent with the platform’s system structure and safety protocols.
“The reference to a misconfigured MinIO occasion granting entry to S3 buckets containing KYC knowledge is wholly unfaithful and doesn’t align with our system structure or safety protocols. We will affirm that our MinIO setup and cloud storage containers stay safe, and there was no unauthorized entry to any delicate consumer knowledge,” Amini reportedly mentioned.
Bit24 has but to answer CryptoSlate’s request for extra commentary as of press time.
Knowledge breaches in crypto
In the meantime, incidents of knowledge breaches are prevalent within the crypto sector as a result of regulated platforms collect private knowledge throughout registration. Whereas these Know Your Buyer protocols intention to curb illicit actions, protected storage stays a major problem.
Final 12 months, CryptoSlate reported about a number of crypto entities, together with Bitcoin-based fee platform Strike and chapter claims agent Kroll, struggling breaches that exposed their customers’ data.