Home

/
/
Binance Discovers 1 Billion Entries of Hacked User Data on the Dark Web

Binance Discovers 1 Billion Entries of Hacked User Data on the Dark Web

Binance Threat Intelligence has discovered one billion entries of hacked user data being sold in the dark web.
Dalmas

July 4, 2022

Introduction​

Binance’s Threat Intelligence has discovered a large data trove containing sensitive user data of an unnamed country in Asia being sold on the dark web.

The Data Breach

On July 3, Binance’s co-founder, Changpeng Zhao, said hackers are auctioning one billion personal information data, including name, address, national ID, mobile, police, and medical records that may be injurious to, among many other parties, cryptocurrency exchanges.

The spillage has been pinned on a possible bug in Elastic Search deployment.

Our threat intelligence detected 1 billion resident records for sale on the dark web, including name, address, national id, mobile, police, and medical records from one Asian country. This is likely due to a bug in an Elastic Search deployment by a Government agency.

Due to compliance, leading cryptocurrency exchanges, including Binance, the world’s largest by client count, demand users submit their real names and identifying records as part of account verification.

However, during data breaches such as this, hackers can use these details to pinpoint a user’s account. Afterward, they can use them to take over accounts, leading to the loss of millions. Common hacks include Simcard takeovers and others, especially on vulnerable accounts without two-factor authentication.

As part of their mandate to keep user data secure and prevent unauthorized intrusion from authorized parties, Binance has issued an alert and urged all crypto platforms with users from the impacted area to enhance their security measures.

Spike in Data Breaches

Presently, more businesses and individuals are uploading data to online storage systems and databases like Elastic Search.

According to the Binance Threat Intelligence team, the breach, as mentioned earlier, could be due to vulnerability on Elastic Search. The Elastic Search is a distributed database, open search, and analytics search engine that continuously takes in and stores data. This database can be accessed through a Restful API.

There has been no information on how user data has been used to execute hacks or take over accounts. What’s evident is that analysts expect even more data breaches going forward. In 2021, data breaches rose 68 percent year over year.

In May 2019, Binance lost 7k BTC in a hack. However, users were compensated in full from the exchange’s insurance fund.

Image Source

Dalmas

Dalmas is an active cryptocurrency content creator and highly regarded technical analyst. He’s passionate about blockchain technology and the futuristic potential of cryptocurrencies.

Get the day’s top crypto news and insights delivered to your inbox every evening.

Subscribe to Blockworks’ free newsletter now.

More articles

SEE ALL

Aave DAO, the governance body of the Aave Protocol, have voted…
Bitcoin prices are moving higher following the U.S. FED decision to…
Kraken will likely get a fine from the U.S. Treasury Department…
Bit.com, a full suite cryptocurrency exchange, announced the release of USD…