[2019-08-07] Binance Has Denied Information About Users Data Leak

Kemarit

legendary

Activity: 3080

Merit: 1353

Quote from: Schirer on August 26, 2019, 07:08:51 AM

Quote

Major cryptocurrency exchange Binance announced that it will offer a lifetime VIP membership to all its users affected by the recent Know Your Customer (KYC) images leak on the platform.

https://cointelegraph.com/news/binance-offers-lifetime-vip-membership-to-kyc-leak-victims

Binance trying to get off the hook in the cheapest way possible, if I was one of those who had been victims for this hack, i wouldn't agree on this so easily. Cheap tradings traded for my leaked ID papers, no way.

It really gives me a good chuckle here. what the hell is this kind of offer? They really damage their reputation big time and if I'm one of the victims here, I will definitely go and sue them in court for that data breach. This so called lifetime ViP membership is crap, sadly though Binance is shield from this. I mean if you wanted to pursue them, they are hiding somewhere we even don't know. So I felt sorry for those who became victim of their negligence.

royalfestus

hero member

Activity: 2464

Merit: 519

Quote from: rodel caling on August 09, 2019, 05:38:30 PM

It's obvious binance denied that issues to protect and avood scandals and panic for the users. Binance need that because to stay people trust for the security system of the binance exchange is strong the investment of the user is protected.

Do they have to deny such hack again? they are used to denying every hack/allegation against them and this could be the beginning of their problem if they are not careful. Do they think its easy to stay up as one of the best exchanges in the world, I foresee this. The 7000 btc theft was swept under the rug since customers were not affected but this needs to be addressed before traders start losing confidence in them

o_e_l_e_o

legendary

Activity: 2268

Merit: 18711

Quote from: Schirer on August 26, 2019, 07:08:51 AM

Binance trying to get off the hook in the cheapest way possible

What a cop out. They've gone from "The leak is fake" to "The leak is real, but it wasn't out fault". Just own up and take responsibility.

Can anyone confirm whether in late 2017 their Terms of Use included a clause permitting them to send user's details to third-parties? It certainly does now, but I can't find any relevant archives to say whether it did at the time.

Still, a lifetime of monitoring your credit report plus the risk of thousands of dollars worth of credit being opened in your name, but look on the bright side, a free VIP account! /s

If even the largest players in cryptocurrency can't secure your KYC documents, what do you think a tiny exchange or brand new ICO is going to do with them. I will continue to encourage users to never complete KYC in crypto anywhere for any reason.

Schirer

member

Activity: 560

Merit: 17

Quote

Major cryptocurrency exchange Binance announced that it will offer a lifetime VIP membership to all its users affected by the recent Know Your Customer (KYC) images leak on the platform.

https://cointelegraph.com/news/binance-offers-lifetime-vip-membership-to-kyc-leak-victims

Binance trying to get off the hook in the cheapest way possible, if I was one of those who had been victims for this hack, i wouldn't agree on this so easily. Cheap tradings traded for my leaked ID papers, no way.

freedomgo

legendary

Activity: 3248

Merit: 1160

Playbet.io - Crypto Casino and Sportsbook

Quote from: bryant.coleman on August 15, 2019, 01:07:56 AM

Quote from: freedomgo on August 10, 2019, 06:05:48 PM

Indeed, Binance would do everything to protect the exchange and retain the trust and confidence of the traders.
We should not only listen to one side only (Binance) but we should also listen and read other sources, so we will get the right picture of the story.
It's really hard to prove if this is true if the government will not get involve in this, though it's not money that is loss but sensitive information can be use for illegal purposes.

Why do you think that the government agencies will get involved in this? User data leaks happen every now and then, and the agencies don't have either the resources or the time to go after each and every data leak. They would tell you that it was the responsibility of the users and the exchange owners to keep the data secure. They have far more important things to take care of.

Now coming to the trust part, I would say that Binance had lost whatever reputation they had, when they lied a few months back that the first hack never occurred. Only when some of the users came up with the proof, they admitted that coins have been stolen from their hot-wallets. If they had any reputation remaining after that, then it got destroyed this time.

Government agencies have the responsibility to ensure users of the site are secured, if Binance is under their regulation, they should protect the people when Binance started to violate the law, the leak of information is a violation of the law which is the secrecy law, exchange have the responsibility to keep our information safe and private, otherwise they should be penalize if this leak of information if it's due to their negligence.

bryant.coleman

legendary

Activity: 3766

Merit: 1217

Quote from: freedomgo on August 10, 2019, 06:05:48 PM

Indeed, Binance would do everything to protect the exchange and retain the trust and confidence of the traders.
We should not only listen to one side only (Binance) but we should also listen and read other sources, so we will get the right picture of the story.
It's really hard to prove if this is true if the government will not get involve in this, though it's not money that is loss but sensitive information can be use for illegal purposes.

Why do you think that the government agencies will get involved in this? User data leaks happen every now and then, and the agencies don't have either the resources or the time to go after each and every data leak. They would tell you that it was the responsibility of the users and the exchange owners to keep the data secure. They have far more important things to take care of.

Now coming to the trust part, I would say that Binance had lost whatever reputation they had, when they lied a few months back that the first hack never occurred. Only when some of the users came up with the proof, they admitted that coins have been stolen from their hot-wallets. If they had any reputation remaining after that, then it got destroyed this time.

onrise

sr. member

Activity: 1512

Merit: 316

Quote from: rodel caling on August 09, 2019, 05:38:30 PM

It's obvious binance denied that issues to protect and avood scandals and panic for the users. Binance need that because to stay people trust for the security system of the binance exchange is strong the investment of the user is protected.

This could be a mjaor issue if proved correct beacuse this i sone of the leading exchanges currently and if any such thing happen then this will have the adverse effect on the market and definately they would lose a huge customer base which they have created over couple of years and another thing is that panic situation would lead to panic sale . So hopefully this just remain the story and not he truth.

freedomgo

legendary

Activity: 3248

Merit: 1160

Playbet.io - Crypto Casino and Sportsbook

Quote from: rodel caling on August 09, 2019, 05:38:30 PM

It's obvious binance denied that issues to protect and avood scandals and panic for the users. Binance need that because to stay people trust for the security system of the binance exchange is strong the investment of the user is protected.

Indeed, Binance would do everything to protect the exchange and retain the trust and confidence of the traders.
We should not only listen to one side only (Binance) but we should also listen and read other sources, so we will get the right picture of the story.
It's really hard to prove if this is true if the government will not get involve in this, though it's not money that is loss but sensitive information can be use for illegal purposes.

timerland

hero member

Activity: 1526

Merit: 596

Think it's pretty real to me, I saw a thread where someone linked the photos, unblurred as well and they looked like real people who's ID's where leaked. I'm obviously not going to link those threads and telegram channels that contain the photos, obviously.

Again, this is another great example of why you never give out your ID/do KYC online. Even though companies may seem safe (Binance was regarded as one of the safest and most popular exchanges for a long time), hacks and leaks still do happen, and now the people's ID who got leaked - their lives are likely ruined forever.

I'm very curious to see how they will deal with the leaks - denial is what they are doing now, which is disappointing for a company that usually takes liability on these sorta things (eg, the hot wallet hack a couple months back).

rodel caling

full member

Activity: 952

Merit: 104

It's obvious binance denied that issues to protect and avood scandals and panic for the users. Binance need that because to stay people trust for the security system of the binance exchange is strong the investment of the user is protected.

Schirer

member

Activity: 560

Merit: 17

Quote from: erikalui on August 08, 2019, 02:29:35 PM

^And who gets the money when they pay the fine? The victims or the Government?

It's a law of EU and some other countries where hefty fines are applicable but not common in other countries. Binance is headquartered in Malta in this case.

This is an interesting question. GDPR protects citizens and every one who has suffered from them can claim compensations:

Quote

Under Article 82 of the GDPR, any person who has suffered material or non-material damage as a result of an infringement of the GDPR has the right to receive compensation from the data controller or processor for the damage suffered. The individual is entitled to bring a compensation claim in the courts

If we suppose that no one claims them but data is leaked, who will start the process and who will get the reward?
As far as i have red, GDPR claims are responsibility of each individual and has to e claimed within the country of resident.
So I suppose someone has to start the ball rolling and it will get very very expensive for Binance, this means that they would prefer to pay the hackers .

bryant.coleman

legendary

Activity: 3766

Merit: 1217

Binance have been going through all sorts of trouble, and personally I would advise everyone not to store any of their crypto or fiat in that exchange. First, it was the news of their hot wallets getting hacked and coins worth BTC7,000 getting stolen. At first, Binance team denied that they were hacked, but had to admit when the users posted evidence. Then after a few months, they had issues with IRS regarding the KYC process. That issue was resolved after Binance promised to keep the US users away from its main platform.

As far as I know, Binance is still denying that any of the data regarding to its users got stolen. But looking at their reaction after the hack earlier this year, I would be more skeptical. Coindesk is reporting that the hacker (known as "Bnatov Platon") is holding KYC information of more than 60,000 users and he had demanded BTC300 from Binance to withhold them. The talks between the hacker and Binance has broken down without a deal and interestingly Platon accuses one of the Binance staff of involvement in the earlier hack (in which BTC7,000 was stolen).

erikalui

legendary

Activity: 2632

Merit: 1094

^And who gets the money when they pay the fine? The victims or the Government?

It's a law of EU and some other countries where hefty fines are applicable but not common in other countries. Binance is headquartered in Malta in this case.

LeGaulois

copper member

Activity: 2940

Merit: 4101

Top Crypto Casino

Binance denies information data leak but why didn't they talk immediately about these discussions with the hacker?
Immediately ... in July, when it started...

Quote from: o_e_l_e_o on August 08, 2019, 09:22:45 AM

...

It depends on the laws of each country. The states had until last year to notify the Commission. In mine, the fine is up to 300 000€. Peanuts for a medium or large company

The problem is that there are 4 levels of sanctions and in general when it is the 1st or 2nd, companies do not have much.
In addition, what may be difficult is to prove that the company has failed to meet its obligations. A company can very well get hacked even if it does everything it can to protect its data.

erikalui

legendary

Activity: 2632

Merit: 1094

If the telegram group actually had pictures of users then the data is leaked and 2 users confirmed it so definitely it looks like some insider's job. Now they are negotiating deals with the hacker. Ridiculous!

Quote

“We would like to inform you that an unidentified individual has threatened and harassed us, demanding 300 BTC in exchange for withholding 10,000 photos that bear similarity to Binance KYC data. We are still investigating this case for legitimacy and relevancy.”

https://www.coindesk.com/a-bitcoin-extortion-gone-wrong-inside-binances-negotiations-with-its-kyc-hacker

Earlier money hacked and now data. Wonder how can we believe Binance now as nothing they say actually shows they can be trusted.

The hackers of the 4000+ are now using chipmixer to mix the coins.

o_e_l_e_o

legendary

Activity: 2268

Merit: 18711

Quote from: Schirer on August 08, 2019, 09:03:30 AM

I wonder- what could be the possible fine by GDPR of losing custoers data, or it does not work with theft ?

Theres certainly a precedent for it, and a very recent one at that.

Just last month, Marriott International (the hotel chain) were handed a fine of over $120 million after hackers stole the personal details of several million customers. A few days before that, British Airways were fined over $220 million after a similar hack and security breach.

The GDPR allows a maximum fine of up to €20 million or 4% of annual turnover. The hacks above involved hundreds of thousands individuals, though. If Binance were fined, i would suspect it would be a much lower sum.

Schirer

member

Activity: 560

Merit: 17

First thought it is real, then denied y Binance - so fake, now i see the information about the ids in telegram group- seems that the truth is that it is real and Binance is denying it.

I wonder- what could be the possible fine by GDPR of losing custoers data, or it does not work with theft ?

kryptqnick

legendary

Activity: 3248

Merit: 1402

Join the world-leading crypto sportsbook NOW!

Quote from: ?? on ??

Binance involvement in this has already been proven? No, so we will not make premature conclusions

Binance might not be involved, it is true. In fact, it probably is not involved. At least, Binance claims they have digital watermarks by which they can identify whether the data was taken from them and that the leaked photos do not have it. They are also saying that they used to work with an intermediary in February, so it could be some issues resulting from there. However, I think that Binance is responsible nevertheless because people never gave their data to some random employees or companies. They trusted Binance, and the exchange was not able to secure information that can do a lot of harm.

Kemarit

legendary

Activity: 3080

Merit: 1353

There was a different twist on the story now.

An Extortion Gone Bad: Inside Binance’s Negotiations With Its ‘KYC Hacker’

Quote

In what appears to be an elaborate game of hackers hacking hackers, an individual operating under the pseudonym “Bnatov Platon” has provided CoinDesk with extensive information about their attempts to obtain millions of dollars in exchange for declining to release information about customers of one of the world’s largest cryptocurrency exchanges, Binance.

Information about the hack, gathered over a month-long interaction with the hacker, was pushed into the public eye today when Platon began posting what he alleged were images and information about real Binance customers, first on an open website and then on Telegram.

The idea customer information might not be safe on the world’s largest exchange was enough to immediately spark the attention of the industry, with major news websites and Twitter influencers swiftly broadcasting the news.

Yet, the full story was – and remains – more complicated than it first appeared.

So the hackers hacked those who hacked the Binance platform. And when the extortion fails, he just decided to released all the information, LOL.

So there's a lot of mysteries that we are not aware of. Lessons learned: There are no safe exchanges, everyone is hackable specially when there is a connivance from someone inside.

buwaytress

legendary

Activity: 2968

Merit: 3684

Join the world-leading crypto sportsbook NOW!

Quote from: joniboini on August 07, 2019, 08:36:02 PM

Quote from: o_e_l_e_o on August 07, 2019, 02:59:07 PM

There are also a couple of articles which say that all these photos are from Binance phishing sites. It seems a number of Binance users were previously emailed to say their account was locked, and they were required to upload KYC documents to unlock it, along with a link in the email to a phishing site. Binance's statement on the matter is far from reassuring though. It sounds like they have no idea whether or not they were hacked, or how it might have happened.

The phishing idea afaik comes from Binance too. Basically, they're saying they don't know where do those photos comes from and said that there's no Binance digital fingerprint on all of them. Which is why, it seems likely that those photos were either submitted to fake Binance sites, fake email, or it was a leak from 3rd party provider that they hired at some point in 2018.

So yeah, pics are real probably, but where it comes from remains unclear. Of course, we won't know whether Binance is saying the truth or just saving themselves.

What else would we expect them to do or say? Denial is not illegal, as long as you keep from saying false statements (and technicalities are always going to get people into loopholes easily).

They are a business, no matter what anyone says, so their sole purpose is profit and preservation of their business.

What this does show already is they did not reveal everything about the earlier hack and there is likely much more they are not letting on. We shouldn't be surprised though. And i think there's so much naivety when people get shocked by these guys.

Topic: [2019-08-07] Binance Has Denied Information About Users Data Leak (Read 419 times)