Researchers at Kromtech Security have discovered a MongoDB database that contains the personal details of over 25,000 users who have invested in the John McAffee-backed bezop (BEZ) cryptocurrency.
The leak exposed confidential information of investors such as full names, home addresses, email addresses, encrypted passwords, wallet information, and even scanned passports, driver's licenses, or IDs.
The leak reportedly occurred while the firm’s dev team was dealing with a DDoS attack on January 8, according to an announcement on Bezop’s Medium account.
The information stored on the database is related to a “bounty programme” that was run earlier this year where Bezop handed out tokens (about 4,045,343 Bez) to users promoting their cryptocurrency on social media.
The database reportedly contained personal and confidential details of over 6,500 ICO investors, while the rest were from users who were given tokens as part of the bounty programme.
The server has been secured, according to Bezop.
"That database has since been closed and secured," the Bezop team said this week. "Investor identity cards were also not stored on the database rather a URL link to them. This is also offline now."
Bezop also said that the team had already notified users of the breach in January.
The data was supposedly exposed online until March 30, when Kromtech researchers found the MongoDB database on a google cloud server without any authentication system in place, allowing easy access to anyone who was able to connect to it.
The leak exposed confidential information of investors such as full names, home addresses, email addresses, encrypted passwords, wallet information, and even scanned passports, driver's licenses, or IDs.
The leak reportedly occurred while the firm’s dev team was dealing with a DDoS attack on January 8, according to an announcement on Bezop’s Medium account.
The information stored on the database is related to a “bounty programme” that was run earlier this year where Bezop handed out tokens (about 4,045,343 Bez) to users promoting their cryptocurrency on social media.
The database reportedly contained personal and confidential details of over 6,500 ICO investors, while the rest were from users who were given tokens as part of the bounty programme.
The server has been secured, according to Bezop.
The dB server is not online & Has not been for quite a while. The only occourance we know of and can confirm is the January exploit. Those who had access to that article will have access to these same images .— Bezop Network (@BezopNetwork) April 26, 2018
"That database has since been closed and secured," the Bezop team said this week. "Investor identity cards were also not stored on the database rather a URL link to them. This is also offline now."
Bezop also said that the team had already notified users of the breach in January.
The data was supposedly exposed online until March 30, when Kromtech researchers found the MongoDB database on a google cloud server without any authentication system in place, allowing easy access to anyone who was able to connect to it.