The anonymity of customers of nine cryptocurrency exchanges in Russia has been breached, and their private user data has been publicly accessible for more than two months.
Cybernews Research was able to independently verify the authenticity of the leaked user data of the following cryptocurrency exchanges:
Sova.gg
coinstart.cc
pocket-exchange.com
onemoment.cc
cripta.cc
metka.cc
alt-coin.cc
ferma.cc
in-to.cc
Although the exchanges are relatively small, the estimated number of affected customers is more than 500,000.
The data collected contains highly sensitive user information, including full names, credit card numbers, email addresses, IP addresses, payment or withdrawal request amounts, descriptors such as BTCRUB, and other authentication information such as the software used (user agents).
In total, the data leak included more than 615,000 payment requests and more than 28,000 withdrawal requests.
Russian cryptocurrency exchanges are often used to hide illegal activities. Therefore, this leak could prove useful for law enforcement and cybersecurity researchers around the world, Cybernews Research writes.
“For some, this could be an ‘I didn’t see that coming’ moment that will require them to be able to tell stories and find alibis,” the researchers note.
First discovered on Oct. 10, the server from which the leak originated was still online and accepting connections at the time of writing. However, although the host was still running, all of its data had already been destroyed by a malicious script. Who is responsible for the leak and for the subsequent data destruction remains unclear.
“MongoDB was used to manipulate the data, which when implemented correctly is a powerful database software. However, a misconfiguration allowed unrestricted access, enabling third parties to access and expose the cryptocurrency exchange’s data,” the researchers said.
MongoDB stores data in a flexible JSON-like format that allows developers to extend data structures on the fly.
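The kind of misconfiguration the researchers describe is usually a matter of two settings in mongod.conf: the address the server listens on and whether access control is enforced. The following configuration is an added illustration, not taken from the article or from any of the exchanges named in it; the file path, the private address 10.0.0.5 and the certificate location are constructed placeholders. The first document shows the combination that leaves a database readable by anyone on the internet; the second shows the corrected settings.

```yaml
# --- Exposed configuration (the pattern behind most public MongoDB leaks) ---
# Constructed example of what NOT to ship.
net:
  port: 27017
  bindIp: 0.0.0.0            # listens on every interface, so the port is reachable from the internet
security:
  authorization: disabled    # no credentials required: any client that connects can read,
                             # modify or drop every collection, which also allows the
                             # "wipe the data" scripts seen in incidents like this one
---
# --- Hardened configuration ---
# Constructed example; adjust bindIp and the certificate path to your environment.
net:
  port: 27017
  bindIp: 127.0.0.1,10.0.0.5 # loopback plus the private address the application servers use;
                             # never a public interface. Combine with a host firewall that
                             # only allows the application subnet to reach 27017.
  tls:
    mode: requireTLS         # encrypt client traffic so credentials and records are not sniffable
    certificateKeyFile: /etc/ssl/mongodb.pem   # placeholder path
security:
  authorization: enabled     # enforce role-based access control for every connection
```

After enabling `authorization`, a user with an administrative role must be created (for example with `db.createUser` in mongosh over the localhost connection) before any remote client can do anything, and each application should get its own account limited to the `readWrite` role on its own database rather than a cluster-wide role. A quick self-check for an operator is to connect from a host outside the private network: with the hardened settings the connection should be refused at the network layer, and a connection from an allowed host without credentials should fail with an authentication error instead of listing databases.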
Users of such crypto exchanges should stay informed. Data leaks leave them vulnerable to fraudulent activities such as identity theft, phishing and other social engineering attacks, and unauthorized transactions.
Reused passwords should be changed immediately, and multi-factor authentication should be enabled.