Home » security

A major leak has exposed users of Russian cryptocurrency exchanges.

Published by: security

The anonymity of customers of nine cryptocurrency exchanges in Russia has been breached, and private user data has been in the public domain for more than two months.

Cybernews Research was able to independently verify the authenticity of the leaked user data of the following cryptocurrency exchanges:

Sova.gg
coinstart.cc
pocket-exchange.com
onemoment.cc
cripta.cc
metka.cc
alt-coin.cc
ferma.cc
in-to.cc

Although the exchanges are relatively small, the estimated number of affected customers is more than 500,000.

The data collected contains highly sensitive user information, including full names, credit card numbers, email addresses, IP addresses, payment or withdrawal request amounts, descriptors such as BTCRUB, and other authentication information such as the software used (user agents).

In total, the data leak included more than 615,000 payment requests and more than 28,000 withdrawal requests.

Russian cryptocurrency exchanges are often used to hide illegal activities. Therefore, this leak could prove useful for law enforcement and cybersecurity researchers around the world, Cybernews Research writes.

“For some, this could be an ‘I didn’t see that coming’ moment that will require them to be able to tell stories and find alibis,” the researchers note.

First discovered on Oct. 10, the server from which the leak originated was still available and accessible for interaction at the time of writing. However, while the IP was running, all data had already been destroyed by the malicious script. Who is responsible for the leak and subsequent data destruction is still unclear.

“MongoDB was used to manipulate the data, which when implemented correctly is a powerful database software. However, a misconfiguration allowed unrestricted access, enabling third parties to access and expose the cryptocurrency exchange’s data,” the researchers said.

MongoDB stores data in a flexible JSON-like format that allows developers to extend data structures on the fly.

Users of such crypto exchanges should stay informed. Data leaks leave them vulnerable to fraudulent activities such as identity theft, phishing and other social engineering attacks, and unauthorized transactions.

Reused passwords should be changed immediately, and multi-factor authentication should be enabled.

0 crypto Leak
Like this post? Please share to your friends:
cyberdir - is your ultimate destination for cutting-edge cybersecurity
Leave a Reply

;-) :| :x :twisted: :smile: :shock: :sad: :roll: :razz: :oops: :o :mrgreen: :lol: :idea: :grin: :evil: :cry: :cool: :arrow: :???: :?: :!:

You may also like
security 0
3 million smart toothbrushes for a DDOS
An incredible scenario that actually happened: remote-controlled toothbrushes participated in a distributed denial-of-service (DDoS)
security 0
The elite hack group ALPHV/BlackCat has resurrected their website after being taken over by the FBI yesterday.
The ALPHV/BlackCat hacktivist group claims to have “liberated” its own darknet website – just
security 0
Why do reputable sources keep false data? How did this happen?
In 2004, Dr. Hwang Woo Suk became famous for his breakthrough discovery of cloned
security 0
Leaked nudes become the top cyber risk of 2024.
Nude leaks are emerging as the top cyber risk of 2024.Discussions are heating up
security 0
The future of phone scams: bots that look like your loved ones. Important to know!
One in five unknown calls is spam. Despite the minuscule success rate, millions of
security 0
Governments spy on Apple and Google users with push notifications – said U.S. Sen.
Unknown governments are spying on smartphone users through their apps’ push notifications, a U.S.