John McAfee-backed Cryptocurrency left a MongoDB Database Unsecured, Spilling Users Data

John McAfee-backed Cryptocurrency left a MongoDB Database Unsecured, Spilling Users Data

Cryptocurrency News
April 27, 2018 by Bitzamp
1663
John McAfee-backed Cryptocurrency left a MongoDB Database Unsecured, Spilling Users Data Kromtech Security has revealed a data breach tied to investors of the Bezop cryptocurrency. The cybersecurity firm made the announcement on April 24, 2018. The leak exposed confidential information about investors of the Bezos cryptocurrency. Thousands of investors who invested money and time in
Bitzamp

John McAfee-backed Cryptocurrency left a MongoDB Database Unsecured, Spilling Users Data
Kromtech Security has revealed a data breach tied to investors of the Bezop cryptocurrency. The cybersecurity firm made the announcement on April 24, 2018. The leak exposed confidential information about investors of the Bezos cryptocurrency.

Thousands of investors who invested money and time in the cryptocurrency e-commerce project evangelized by John McAfee, Bezop, have become victims of data theft. Reportedly, the startup left the personal data of more than 25,000 investors in a public access MongoDB database.

The Bezop spokesperson said the database contained details on around 6,500 ICO investors, while the rest was for users who participated in the public bounty program and received Bezop tokens in return. The database also contained information such as full names, home addresses, email addresses, encrypted passwords, wallet information, and scanned passports, driver’s licenses, or IDs.

The fault seems to be squarely on Bezop’s shoulders. Researchers have shown that the MongoDB database has no security. The data appears to have remained exposed online until March 30, when Kromtech researchers spotted the MongoDB database on a Google Cloud server. The database does not have an authentication system, which allows the person to connect with the stored information.

CTO of Bezop said: when the data breach was confirmed all users were notified reporting a DDoS attack that exposed the data. He also confirmed the fact that the issue had been resolved and that the affected databases had been secured.

Another controversy, perhaps more about the leak itself, the leak seems to have been deliberately orchestrated. According to the Kromtech researchers, the changes made to the MongoDB makes an accidental error impossible. This means that the database was intentionally configured.


Join Us On Telegram


Add a Comment