Author

Topic: Binance KYC leak, KYC issue (Read 157 times)

full member
Activity: 728
Merit: 115
August 11, 2019, 04:37:35 PM
#4

Which makes me most disgusted is knowing that the hacker is demanding 300 BTC. a very bad and criminal attitude, because he is blackmailing


Would he be less bad in your eyes if he just politely asked them to for only 150 BTC Grin Cheesy

I am more disgusted that they tried to cover it up and deny it and at the same time created that reward for any information about the leak.

For that same reason GDPR was defined, any party that holds data about customers, and finds out about the breach no matter how is made; hacker attack or just leak from angry stuff, is obligated to report in strictly defined time frame, otherwise that could be interpreted as cover up and will be legally sanctioned. Cool





legendary
Activity: 3234
Merit: 1130
Leading Crypto Sports Betting & Casino Platform
August 11, 2019, 03:23:45 PM
#3
that's a story that will make many headlines for news channels

It seems they are at least trying to figure things out

Which makes me most disgusted is knowing that the hacker is demanding 300 BTC. a very bad and criminal attitude, because he is blackmailing
full member
Activity: 728
Merit: 115
August 09, 2019, 10:28:22 AM
#2
It seems that they or their contractor really somehow manage to lose bunch of user data now flowing around the internet.
This could end very bad for them, because if they had a breach and didn't report that on time this could result in some big fines regarding data loss.

"
Under the GDPR individuals can bring private claims against both data controllers and data processors. ... Successful private claimants may currently be awarded compensation for personal data breaches
"



It seems they are at least trying to figure things out

"Binance has offered a reward of up to 25 bitcoin, worth around $290,000, to anyone with information that leads to the identification of the hacker."
jr. member
Activity: 208
Merit: 7
August 09, 2019, 09:58:18 AM
#1
Is this true?

Binance, the world’s largest cryptocurrency exchange by trading volume, said it’s investigating the alleged leak of its customers’ verification information. The leak could affect up to 60,000 individual users who sent KYC information to the company in 2018 and 2019.

This leak is said to be directly related to a hack that nabbed 7,000 bitcoin last May.

On Wednesday, a Telegram group created by an admin under the pseudonym “Guardian M” distributed hundreds of images of individuals holding their IDs and pieces of paper written with “Binance, 02/24/18,” alleging that the data presented was hacked from the exchange. The hacker supplied CoinDesk with hundreds of photographs and we have identified a number of users who recognize the photos of their faces and personal IDs that they sent into Binance for know-your-customer purposes.

The hacker told CoinDesk that he or she has at least 60,000 more and that he will release them over time. We have access to nearly 1,000.

Know-your-customer, or KYC, is a legal requirement by financial institutions to collect identifying information for all customers attempting to trade, withdraw and deposit.

In a response on Wednesday, Binance said the information circulated in the Telegram channel does not match data in Binance’s own internal system, and as such said there’s no evidence so far to show it’s directly coming from the exchange itself.

“These images do not contain the digital watermark imprinted by our system,” the company said. “Our security team is hard at work pursuing all possible leads in an attempt to identify the source of these images, as it remains unclear where they were obtained.”

Binance added that the unidentified individual previously demanded 300 BTC from it for “withholding 10,000 photos that bear similarity to Binance KYC data.” After Binance refused to continue the conversation, the individual started distributing the photos online and to media outlets.

In fact, since Monday this week, CoinDesk has already reached out to three people whose ID images, among hundreds of others, were first uploaded to a publicly available cloud drive and were later circulating in the Telegram group today.

Two individuals confirmed to CoinDesk the authenticity of the images and that they submitted such images to Binance.com on Feb. 24 2018.

One of the two individuals, who asked to remain anonymous, showed CoinDesk his Binance login history from January 2018 when he first registered the account, via email alerts he received every time he went onto the site.

The email alert history indicates he did log into Binance.com, on Feb. 24, 2018, around 5:00 UTC.

Further, this individual showed CoinDesk an ID image of his saved on his phone taken on Feb. 24 around 6:00 UTC, which appears identical to the one that’s circulating inside the Telegram group.

The second individual told CoinDesk that he received an email from Binance’s customer support on Feb. 24 as he was trying to make the size of his submitted image correct. He added the email was sent from an email address with a binance.zendesk.com domain. The exchange makes regular announcements on a site with such domain name.

A third user we contacted could have been a victim of identity theft. The photograph we analyzed contained a face similar to the victims but incorrect address information.



An error-level analysis of the photo suggests that the some of the image had been modified, especially the brighter edges in the photo above. “Similar edges should have similar brightness in the ELA result,” wrote the photo forensics site FotoForensics. “All high-contrast edges should look similar to each other, and all low-contrast edges should look similar. With an original photo, low-contrast edges should be almost as bright as high-contrast edge.”

In today’s response, Binance said that around February 2018, it had contracted a third-party vendor to handle know-your-customer verification “in order to handle the high volume of requests at that time.”

The exchange did not elaborate on to what degree this third-party vendor was give access to the know-your-customer data or whether it was able to obtain the actual image files on premise.

“Currently, we are investigating with the third-party vendor for more information. We are continuing to investigate and will keep you informed,” the company said.

Source:
https://www.coindesk.com/binance-kyc-issue
Jump to: