Author

Topic: [2019-08-07] Binance Has Denied Information About Users Data Leak (Read 421 times)

legendary
Activity: 3080
Merit: 1353
Quote
Major cryptocurrency exchange Binance announced that it will offer a lifetime VIP membership to all its users affected by the recent Know Your Customer (KYC) images leak on the platform.
https://cointelegraph.com/news/binance-offers-lifetime-vip-membership-to-kyc-leak-victims

Binance trying to get off the hook in the cheapest way possible, if I was one of those who had been victims for this hack, i wouldn't agree on this so easily. Cheap tradings traded for my leaked ID papers, no way.


It really gives me a good chuckle here. what the hell is this kind of offer?  They really damage their reputation big time and if I'm one of the victims here, I will definitely go and sue them in court for that data breach. This so called lifetime ViP membership is crap, sadly though Binance is shield from this. I mean if you wanted to pursue them,  they are hiding somewhere we even don't know. So I felt sorry for those who became victim of their negligence.
hero member
Activity: 2464
Merit: 519
It's obvious binance denied that issues to protect and avood scandals and panic for the users. Binance need that because to stay people trust for the security system of the binance exchange is strong the investment of the user is protected.
Do they have to deny such hack again? they are used to denying every hack/allegation against them and this could be the beginning of their problem if they are not careful. Do they think its easy to stay up as one of the best exchanges in the world, I foresee this. The 7000 btc theft was swept under the rug since customers were not affected but this needs to be addressed before traders start losing confidence in them
legendary
Activity: 2268
Merit: 18748
Binance trying to get off the hook in the cheapest way possible
What a cop out. They've gone from "The leak is fake" to "The leak is real, but it wasn't out fault". Just own up and take responsibility.

Can anyone confirm whether in late 2017 their Terms of Use included a clause permitting them to send user's details to third-parties? It certainly does now, but I can't find any relevant archives to say whether it did at the time.

Still, a lifetime of monitoring your credit report plus the risk of thousands of dollars worth of credit being opened in your name, but look on the bright side, a free VIP account! /s

If even the largest players in cryptocurrency can't secure your KYC documents, what do you think a tiny exchange or brand new ICO is going to do with them. I will continue to encourage users to never complete KYC in crypto anywhere for any reason.
member
Activity: 560
Merit: 17
Quote
Major cryptocurrency exchange Binance announced that it will offer a lifetime VIP membership to all its users affected by the recent Know Your Customer (KYC) images leak on the platform.
https://cointelegraph.com/news/binance-offers-lifetime-vip-membership-to-kyc-leak-victims

Binance trying to get off the hook in the cheapest way possible, if I was one of those who had been victims for this hack, i wouldn't agree on this so easily. Cheap tradings traded for my leaked ID papers, no way.
legendary
Activity: 3248
Merit: 1160
Playbet.io - Crypto Casino and Sportsbook
Indeed, Binance would do everything to protect the exchange and retain the trust and confidence of the traders.
We should not only listen to one side only (Binance) but we should also listen and read other sources, so we will get the right picture of the story.
It's really hard to prove if this is true if the government will not get involve in this, though it's not money that is loss but sensitive information can be use for illegal purposes.

Why do you think that the government agencies will get involved in this? User data leaks happen every now and then, and the agencies don't have either the resources or the time to go after each and every data leak. They would tell you that it was the responsibility of the users and the exchange owners to keep the data secure. They have far more important things to take care of.

Now coming to the trust part, I would say that Binance had lost whatever reputation they had, when they lied a few months back that the first hack never occurred. Only when some of the users came up with the proof, they admitted that coins have been stolen from their hot-wallets. If they had any reputation remaining after that, then it got destroyed this time.

Government agencies have the responsibility to ensure users of the site are secured, if Binance is under their regulation, they should protect the people when Binance started to violate the law, the leak of information is a violation of the law which is the secrecy law, exchange have the responsibility to keep our information safe and private, otherwise they should be penalize if this leak of information if it's due to their negligence.
legendary
Activity: 3766
Merit: 1217
Indeed, Binance would do everything to protect the exchange and retain the trust and confidence of the traders.
We should not only listen to one side only (Binance) but we should also listen and read other sources, so we will get the right picture of the story.
It's really hard to prove if this is true if the government will not get involve in this, though it's not money that is loss but sensitive information can be use for illegal purposes.

Why do you think that the government agencies will get involved in this? User data leaks happen every now and then, and the agencies don't have either the resources or the time to go after each and every data leak. They would tell you that it was the responsibility of the users and the exchange owners to keep the data secure. They have far more important things to take care of.

Now coming to the trust part, I would say that Binance had lost whatever reputation they had, when they lied a few months back that the first hack never occurred. Only when some of the users came up with the proof, they admitted that coins have been stolen from their hot-wallets. If they had any reputation remaining after that, then it got destroyed this time.
sr. member
Activity: 1512
Merit: 316
It's obvious binance denied that issues to protect and avood scandals and panic for the users. Binance need that because to stay people trust for the security system of the binance exchange is strong the investment of the user is protected.

This could be a mjaor issue if proved correct beacuse this i sone of the leading exchanges currently and if any such thing happen then this will have the adverse effect on the market and definately they would lose a huge customer base which they have created over couple of years and another thing is that panic situation would lead to panic sale . So hopefully this just remain the story and not he truth.
legendary
Activity: 3248
Merit: 1160
Playbet.io - Crypto Casino and Sportsbook
It's obvious binance denied that issues to protect and avood scandals and panic for the users. Binance need that because to stay people trust for the security system of the binance exchange is strong the investment of the user is protected.
Indeed, Binance would do everything to protect the exchange and retain the trust and confidence of the traders.
We should not only listen to one side only (Binance) but we should also listen and read other sources, so we will get the right picture of the story.
It's really hard to prove if this is true if the government will not get involve in this, though it's not money that is loss but sensitive information can be use for illegal purposes.
hero member
Activity: 1526
Merit: 596
Think it's pretty real to me, I saw a thread where someone linked the photos, unblurred as well and they looked like real people who's ID's where leaked. I'm obviously not going to link those threads and telegram channels that contain the photos, obviously.

Again, this is another great example of why you never give out your ID/do KYC online. Even though companies may seem safe (Binance was regarded as one of the safest and most popular exchanges for a long time), hacks and leaks still do happen, and now the people's ID who got leaked - their lives are likely ruined forever.

I'm very curious to see how they will deal with the leaks - denial is what they are doing now, which is disappointing for a company that usually takes liability on these sorta things (eg, the hot wallet hack a couple months back).
full member
Activity: 952
Merit: 104
It's obvious binance denied that issues to protect and avood scandals and panic for the users. Binance need that because to stay people trust for the security system of the binance exchange is strong the investment of the user is protected.
member
Activity: 560
Merit: 17
^And who gets the money when they pay the fine? The victims or the Government?

It's a law of EU and some other countries where hefty fines are applicable but not common in other countries. Binance is headquartered in Malta in this case.

This is an interesting question. GDPR protects citizens and every one who has suffered from them can claim compensations:
Quote
Under Article 82 of the GDPR, any person who has suffered material or non-material damage as a result of an infringement of the GDPR has the right to receive compensation from the data controller or processor for the damage suffered. The individual is entitled to bring a compensation claim in the courts

If we suppose that no one claims them  but data is leaked, who will start the process and who will get the reward?
As far as i have red, GDPR claims are responsibility of each individual and has to e claimed within the country of resident.
So I suppose someone has to start the ball rolling and it will get very very expensive for Binance, this means that they would prefer to pay the hackers .
legendary
Activity: 3766
Merit: 1217
Binance have been going through all sorts of trouble, and personally I would advise everyone not to store any of their crypto or fiat in that exchange. First, it was the news of their hot wallets getting hacked and coins worth BTC7,000 getting stolen. At first, Binance team denied that they were hacked, but had to admit when the users posted evidence. Then after a few months, they had issues with IRS regarding the KYC process. That issue was resolved after Binance promised to keep the US users away from its main platform.

As far as I know, Binance is still denying that any of the data regarding to its users got stolen. But looking at their reaction after the hack earlier this year, I would be more skeptical. Coindesk is reporting that the hacker (known as "Bnatov Platon") is holding KYC information of more than 60,000 users and he had demanded BTC300 from Binance to withhold them. The talks between the hacker and Binance has broken down without a deal and interestingly Platon accuses one of the Binance staff of involvement in the earlier hack (in which BTC7,000 was stolen).
legendary
Activity: 2632
Merit: 1094
^And who gets the money when they pay the fine? The victims or the Government?

It's a law of EU and some other countries where hefty fines are applicable but not common in other countries. Binance is headquartered in Malta in this case.
copper member
Activity: 2940
Merit: 4101
Top Crypto Casino
Binance denies information data leak but why didn't they talk immediately about these discussions with the hacker?
Immediately ... in July, when it started...

...

It depends on the laws of each country. The states had until last year to notify the Commission. In mine, the fine is up to 300 000€. Peanuts for a medium or large company

The problem is that there are 4 levels of sanctions and in general when it is the 1st or 2nd, companies do not have much.
In addition, what may be difficult is to prove that the company has failed to meet its obligations. A company can very well get hacked even if it does everything it can to protect its data.

legendary
Activity: 2632
Merit: 1094
If the telegram group actually had pictures of users then the data is leaked and 2 users confirmed it so definitely it looks like some insider's job. Now they are negotiating deals with the hacker. Ridiculous!

Quote
“We would like to inform you that an unidentified individual has threatened and harassed us, demanding 300 BTC in exchange for withholding 10,000 photos that bear similarity to Binance KYC data. We are still investigating this case for legitimacy and relevancy.”

https://www.coindesk.com/a-bitcoin-extortion-gone-wrong-inside-binances-negotiations-with-its-kyc-hacker

Earlier money hacked and now data. Wonder how can we believe Binance now as nothing they say actually shows they can be trusted.

The hackers of the 4000+ are now using chipmixer to mix the coins.
legendary
Activity: 2268
Merit: 18748
I wonder- what could be the possible fine by GDPR of losing custoers data, or it does not work with theft ?
Theres certainly a precedent for it, and a very recent one at that.

Just last month, Marriott International (the hotel chain) were handed a fine of over $120 million after hackers stole the personal details of several million customers. A few days before that, British Airways were fined over $220 million after a similar hack and security breach.

The GDPR allows a maximum fine of up to €20 million or 4% of annual turnover. The hacks above involved hundreds of thousands individuals, though. If Binance were fined, i would suspect it would be a much lower sum.
member
Activity: 560
Merit: 17
First thought it is real, then denied y Binance - so fake, now i see the information about the ids in telegram group- seems that the truth is that it is real and Binance is denying it.

I wonder- what could be the possible fine by GDPR of losing custoers data, or it does not work with theft ?
legendary
Activity: 3248
Merit: 1402
Join the world-leading crypto sportsbook NOW!
Binance involvement in this has already been proven? No, so we will not make premature conclusions
Binance might not be involved, it is true. In fact, it probably is not involved. At least, Binance claims they have digital watermarks by which they can identify whether the data was taken from them and that the leaked photos do not have it. They are also saying that they used to work with an intermediary in February, so it could be some issues resulting from there. However, I think that Binance is responsible nevertheless because people never gave their data to some random employees or companies. They trusted Binance, and the exchange was not able to secure information that can do a lot of harm.
legendary
Activity: 3080
Merit: 1353
There was a different twist on the story now.

An Extortion Gone Bad: Inside Binance’s Negotiations With Its ‘KYC Hacker’

Quote
In what appears to be an elaborate game of hackers hacking hackers, an individual operating under the pseudonym “Bnatov Platon” has provided CoinDesk with extensive information about their attempts to obtain millions of dollars in exchange for declining to release information about customers of one of the world’s largest cryptocurrency exchanges, Binance.

Information about the hack, gathered over a month-long interaction with the hacker, was pushed into the public eye today when Platon began posting what he alleged were images and information about real Binance customers, first on an open website and then on Telegram.

The idea customer information might not be safe on the world’s largest exchange was enough to immediately spark the attention of the industry, with major news websites and Twitter influencers swiftly broadcasting the news.

Yet, the full story was – and remains – more complicated than it first appeared.

So the hackers hacked those who hacked the Binance platform. And when the extortion fails, he just decided to released all the information, LOL.

So there's a lot of mysteries that we are not aware of. Lessons learned: There are no safe exchanges, everyone is hackable specially when there is a connivance from someone inside.
legendary
Activity: 2968
Merit: 3684
Join the world-leading crypto sportsbook NOW!
There are also a couple of articles which say that all these photos are from Binance phishing sites. It seems a number of Binance users were previously emailed to say their account was locked, and they were required to upload KYC documents to unlock it, along with a link in the email to a phishing site. Binance's statement on the matter is far from reassuring though. It sounds like they have no idea whether or not they were hacked, or how it might have happened.

The phishing idea afaik comes from Binance too. Basically, they're saying they don't know where do those photos comes from and said that there's no Binance digital fingerprint on all of them. Which is why, it seems likely that those photos were either submitted to fake Binance sites, fake email, or it was a leak from 3rd party provider that they hired at some point in 2018.

So yeah, pics are real probably, but where it comes from remains unclear. Of course, we won't know whether Binance is saying the truth or just saving themselves.

What else would we expect them to do or say? Denial is not illegal, as long as you keep from saying false statements (and technicalities are always going to get people into loopholes easily).

They are a business, no matter what anyone says, so their sole purpose is profit and preservation of their business.

What this does show already is they did not reveal everything about the earlier hack and there is likely much more they are not letting on. We shouldn't be surprised though. And i think there's so much naivety when people get shocked by these guys.
legendary
Activity: 2170
Merit: 1789
There are also a couple of articles which say that all these photos are from Binance phishing sites. It seems a number of Binance users were previously emailed to say their account was locked, and they were required to upload KYC documents to unlock it, along with a link in the email to a phishing site. Binance's statement on the matter is far from reassuring though. It sounds like they have no idea whether or not they were hacked, or how it might have happened.

The phishing idea afaik comes from Binance too. Basically, they're saying they don't know where do those photos comes from and said that there's no Binance digital fingerprint on all of them. Which is why, it seems likely that those photos were either submitted to fake Binance sites, fake email, or it was a leak from 3rd party provider that they hired at some point in 2018.

So yeah, pics are real probably, but where it comes from remains unclear. Of course, we won't know whether Binance is saying the truth or just saving themselves.
legendary
Activity: 2268
Merit: 18748
On Wednesday, a Telegram group created by an admin under the pseudonym “Guardian M” distributed hundreds of images of individuals holding their IDs and pieces of paper written with “Binance, 02/24/19,” alleging that the data presented was hacked from the exchange.
So much for Binance's initial statement that "they all appear to be dated from February of 2018." Undecided
I'm obviously not going to link to them, but you can view the pictures online. All the ones I've seen are dated 24th February 2018. All the other articles I have read also say 2018. I suspect this is just poor reporting by coindesk.

There are also a couple of articles which say that all these photos are from Binance phishing sites. It seems a number of Binance users were previously emailed to say their account was locked, and they were required to upload KYC documents to unlock it, along with a link in the email to a phishing site. Binance's statement on the matter is far from reassuring though. It sounds like they have no idea whether or not they were hacked, or how it might have happened.

I'm a strong advocate of never doing KYC for anything crypto related, and this is why.
hero member
Activity: 1806
Merit: 672
They have the power to do so since they don't have any evidence against them, not until their own users comes forward and they know themselves that their public information are being used by other people then we don't really have any proof that a data leak happened. They can say a lot of excuses that the leak documents was not even from Binance or they don't even have that users in them. As far as they are concerned they are just only victims of black propaganda trying to damage the reputation of their business.
legendary
Activity: 1526
Merit: 1179
CZ on Twitter already said that it was old news with a different spin. It definitely doesn't make it less bad, but people shouldn't jump to conclusions just because news outlets are spreading these articles.

If you sign up to an unregulated exchange, this is something that can happen. You don't know their security procedures when it comes to the KYC information people sent them, and you don't know if they outsource KYC verification.

I however don't think people care enough with how their greed is blinding them. They'll care one or two days and then move on to what they have been doing before, which is trading shitcoins and invest in IEOs.
legendary
Activity: 1666
Merit: 1196
STOP SNITCHIN'
On Wednesday, a Telegram group created by an admin under the pseudonym “Guardian M” distributed hundreds of images of individuals holding their IDs and pieces of paper written with “Binance, 02/24/19,” alleging that the data presented was hacked from the exchange.

So much for Binance's initial statement that "they all appear to be dated from February of 2018." Undecided

There are some irregularities that suggest something more complex is going on than a simple hack of Binance's database, though:

Quote
A third user we contacted could have been a victim of identity theft. The photograph we analyzed contained a face similar to the victims but incorrect address information.

An error-level analysis of the photo suggests that the some of the image had been modified, especially the brighter edges in the photo above. “Similar edges should have similar brightness in the ELA result,” wrote the photo forensics site FotoForensics. “All high-contrast edges should look similar to each other, and all low-contrast edges should look similar. With an original photo, low-contrast edges should be almost as bright as high-contrast edge.”

And Binance continues to say that the images aren't watermarked, therefore not taken from their database.

It looks like there may have been a leak of KYC data from a third party vendor they used in February 2018. That data may be mixed in with a larger set of data taken from other sources and modified.
hero member
Activity: 2926
Merit: 722
DGbet.fun - Crypto Sportsbook
Seems real to me   Undecided

Same here but Binance is trying to deny it up to death. hehe. If users do able to recognized those images where sent on KYC proceedings then theres no doubt that this leakage is legit.So whats next with Binance? known to be a secure exchange and a top tier one.
member
Activity: 893
Merit: 43
Random coins :)
This is the very reason why people try to avoid KYC because we all know that data storage is never 100% secure no matter what they tell us!

And seeing more decentralized exchanges like idex becoming some sort of centralized exchange all requiring KYC we shall soon have no exchange to go to.
legendary
Activity: 3122
Merit: 1032
#1 VIP Crypto Casino
Seems real to me   Undecided



https://www.coindesk.com/binance-kyc-issue?utm_source=twitter&utm_medium=coindesk&utm_term=&utm_content=&utm_campaign=Organic%20

Binance, the world’s largest cryptocurrency exchange by trading volume, said it’s investigating the alleged leak of its customers’ verification information. The leak could affect up to 60,000 individual users who sent KYC information to the company in 2018 and 2019.

This leak is said to be directly related to a hack that nabbed 7,000 bitcoin last May.

On Wednesday, a Telegram group created by an admin under the pseudonym “Guardian M” distributed hundreds of images of individuals holding their IDs and pieces of paper written with “Binance, 02/24/19,” alleging that the data presented was hacked from the exchange. The hacker supplied CoinDesk with hundreds of photographs and we have identified a number of users who recognize the photos of their faces and personal IDs that they sent into Binance for know-your-customer purposes.
sr. member
Activity: 455
Merit: 250
A new post has appeared on the Internet about the hacking of the Binance cryptocurrency exchange. According to it, scammers stole the data of users of the trading platform and posted photos of documents on the Telegram group.
Binance CEO Changpeng Zhao reacted to the report of a hacker attack and promised to investigate the situation. At 12:15 UTC, he posted on Twitter an information which stated that the information about the hacking of the exchange is not true. He posted a link to similar news that appeared on the network on August 24, 2018. Then an unknown hacker claimed that he was able to get user data. He uploaded scans of documents as a confirmation. However, this information was subsequently refuted by the Binance staff.

Read more https://en.bit.news/binance-denied-information-users-data-leak/
Jump to: