Binance’s Threat Intelligence has discovered a large data trove containing sensitive user data of an unnamed country in Asia being sold on the dark web.
The Data Breach
On July 3, Binance’s co-founder, Changpeng Zhao, said hackers are auctioning one billion personal information data, including name, address, national ID, mobile, police, and medical records that may be injurious to, among many other parties, cryptocurrency exchanges.
The spillage has been pinned on a possible bug in Elastic Search deployment.
Our threat intelligence detected 1 billion resident records for sale on the dark web, including name, address, national id, mobile, police, and medical records from one Asian country. This is likely due to a bug in an Elastic Search deployment by a Government agency.
Due to compliance, leading cryptocurrency exchanges, including Binance, the world’s largest by client count, demand users submit their real names and identifying records as part of account verification.
However, during data breaches such as this, hackers can use these details to pinpoint a user’s account. Afterward, they can use them to take over accounts, leading to the loss of millions. Common hacks include Simcard takeovers and others, especially on vulnerable accounts without two-factor authentication.
As part of their mandate to keep user data secure and prevent unauthorized intrusion from authorized parties, Binance has issued an alert and urged all crypto platforms with users from the impacted area to enhance their security measures.
Spike in Data Breaches
Presently, more businesses and individuals are uploading data to online storage systems and databases like Elastic Search.
According to the Binance Threat Intelligence team, the breach, as mentioned earlier, could be due to vulnerability on Elastic Search. The Elastic Search is a distributed database, open search, and analytics search engine that continuously takes in and stores data. This database can be accessed through a Restful API.
There has been no information on how user data has been used to execute hacks or take over accounts. What’s evident is that analysts expect even more data breaches going forward. In 2021, data breaches rose 68 percent year over year.
In May 2019, Binance lost 7k BTC in a hack. However, users were compensated in full from the exchange’s insurance fund.
- Exhange BlockMagnates: Photo by Alexander Popov on Unsplash