Author

Topic: First KYC data leak of 2019? (Read 139 times)

legendary
Activity: 2716
Merit: 1225
Once a man, twice a child!
February 13, 2019, 04:49:09 PM
#2
I am still wondering what your services are all about with this. What is it again?
jr. member
Activity: 172
Merit: 2
February 13, 2019, 03:55:36 AM
#1
 

End of January, 2019, on the darknet market named “Dread”, one of the vendors was reported to have been selling know-your-customer (KYC) information from top exchanges such as Binance, Poloniex, and Bitfinex. The post by ExploitDOT claimed they have “100k documents” containing user data from “every country”, where the exchanges operate. The seller’s offer is still valid and describes in details all the process, where prices start from 100 documents for $10 each with discounts for bulk purchases.

An anonymous cybersecurity expert contacted the individual posing as a buyer and got some free samples as proof that the leaked documents – KYC selfie pictures of persons holding up their identity cards or drivers’ licenses and a paper with “Binance” name and the date the picture was taken at. But this can be easily faked as number of samples was limited and it’s difficult to emphasize on how this data will be greatly useful.

All exchanges are notably praised for its security practices. Although all three deny that they were hacked, that doesn’t mean that such a breach never occurred. One of the first exchanges to deny was Bitfinex: “We want to assure our customers that Bitfinex is aware of this situation and can confirm there is no security breach to our platform. As always, if there are any queries please get in touch with our support team - https://www.bitfinex.com/support”.

Some of the mainstream media also reported that the “Largest collection ever of breached data found” detailing an 87 GB database leak, which includes over 700 million email addresses and 21 million passwords, data that had been labeled “Collection #1”. But experts assure that the data could be coming from a number of breaches by different hackers worldwide and could be two to three years old, so there is no direct danger to the general user community.

Overall, the alleged KYC hack might not be relevant, this kind of news are always disturbing and bring once again lots of attention to the security of sensitive users information.




KYCbench, your reliable KYC partner
www.kycbench.com
GDPR & ISO/IEC 27001:2013 compliant

Please contact KYCbench today, the most reliable ID verification processor at: [email protected]

Join our Telegram Groups:
KYCBench Announcement
KYCBench Community
Jump to: