1. BITBILIHome
  2. Article

Huobi fixes data breach involving sensitive information for 4,960 users

50 views

TL;DR Breakdown

  • Crypto exchange Huobi has fixed its data breach after a massive data leak that allegedly put users’ funds at risk since June 2021
  • The exchange risked exposure of its sensitive information, such as VIP user data and technical infrastructure of the exchange
  • However, it took months for the exchange to respond to the white hat hacker

Description

Crypto exchange Huobi has fixed its data breach after a massive data leak that allegedly put users’ funds at risk since June 2021. The data leak had information on almost all the over-the-counter (OTC) transaction information from 2017 to 2021, with some of the data being VIP user data and information on the technical infrastructure … Read more

Crypto exchange Huobi has fixed its data breach after a massive data leak that allegedly put users’ funds at risk since June 2021. The data leak had information on almost all the over-the-counter (OTC) transaction information from 2017 to 2021, with some of the data being VIP user data and information on the technical infrastructure of the exchange.

Huobi risked exposure of its sensitive information 

White hat hacker and citizen journalist Aaron Phillips disclosed the Huobi data breach. The white hacker explained that an attacker exploiting Huobi’s vulnerability would have had the opportunity to achieve the largest crypto theft in history. Anyone accessing the exchange’s credentials could have changed their domains, including hbfile.net and huobi.com. In addition, their internal documents and user data could be exposed.

According to previous reports, the company handles over a billion dollars daily in trading volume. Hence, users’ accounts and crypto assets would have been stolen if they hadn’t taken action to fix the leak. Phillips emphasized the potential for malicious scripts to be injected into Huobi’s content delivery networks (CDNs) and websites. According to him, the CDNs might have compromised all Huobi login pages, possibly harming anyone who used a Huobi website or app over the previous two years.

The exchange risks exposure to sensitive information, including the contact information and account balances of cryptocurrency users, and it puts customers at risk of losing their accounts and crypto assets. According to Phillips, this includes Huobi’s over-the-counter (OTC) trade data as well as a database of cryptocurrency whales. He confirmed, however, that no breach was carried out using the data leak.

Huobi fixes data breach

According to the exchange, which confirmed the occurrence, it was caused by the appropriate staff members’ irregular conduct in the S3 barrel of the Japanese station’s test environment. On October 8, 2022, all pertinent user data was isolated. 

The exchange asserted that the leakage was small-scale, involving 4,960 individuals. It added that the leaked information did not have sensitive information and never affected user accounts and the security of their assets. 

Huobi further stated that the Huobi Japanese and Huobi Global sites are separate entities. On June 21, 2023, the Huobi Security Team immediately took action after being alerted by a white hat team, instantly closing the associated file access permissions. According to the exchange, the issue has been resolved, and all associated user data has been removed. Huobi has since deleted the affected account, and no users are at risk anymore.

Despite the issue being resolved now, Phillips mentioned that it took months for the exchange to respond, and the leaked data remained online even after he gave Huobi the first notice in June 2022.

Crypto exchanges are prone to data breaches since they have access to a lot of customer data that can be used to steal funds by hackers. Coinsquare, a Canadian crypto exchange, suffered a data breach in November 2022. Its users’ information was exposed, such as phone numbers, names of investors, birth dates, public wallet addresses, and transaction history. However, the exchange affirmed that there were no passwords accessed, and the information is yet to be detected by bad actors.

Gemini Exchange also experienced a data breach that saw 5.7 million users stolen and leaked on hacking forums. Posts advertising the data from the breach first surfaced in September last year, with the data offered for 30 BTC, about $520,000. The same data was posted in November, offering the data and additional data from other exchanges. In another forum, later on, the data was offered for free. Gemini has since asked its clients to implement two-factor authentication and use hardware security keys to prevent hacking and accessing their funds.

The information provided is not trading advice. Cryptopolitan.com holds no liability for any investments made based on the information provided on this page. We strongly recommend independent research and/or consultation with a qualified professional before making any investment decisions.

文章来源于互联网:Huobi fixes data breach involving sensitive information for 4,960 users

Disclaimers:

1. You are solely responsible for your investment decisions and this info is not liable for any losses you may incur.

2. The copyright of this article belongs to the writer, it represents the writer's opinions only, not represents the site's ones. Not financial advice.

Previous 2023年7月5日 12:00
Next 2023年7月5日 13:23

Related articles

  • MasterCard empowers UK banks to combat payment fraud with AI-powered solution

    TL;DR Breakdown Mastercard introduces AI-powered “Consumer Fraud Risk” tool to combat payment fraud and scams in the UK. The solution leverages large-scale payments data and real-time analysis to identify and prevent various types of scams before funds leave victims’ accounts. Early adoption by TSB shows significant success, with potential savings of nearly £100 million across the UK, prompting other banks to embrace the solution. Description Financial services provider Mastercard is leading the charge against payment fraud and scams with its AI-powered tool called “Consumer Fraud Risk.” The solution, now live in the UK, leverages Mastercard’s latest AI capabilities and its unique network view of account-to-account payments to help banks predict and prevent various types of scams. According to an announcement, … Read more Financial services provider Mastercard is leading the charge against payment fraud and scams with its AI-powered tool called “Consumer Fraud Risk.” The solution, now live in the UK, leverages Mastercard’s latest AI capabilities and its unique network view of account-to-account payments to help banks predict and prevent various types of scams. According to an announcement, Mastercard has…

    Article 2023年7月8日

  • Circle unveils EUROC stablecoin on Avalanche

    TL;DR Breakdown Circle, a stablecoin issuer, has launched its Euro Coin (EUROC) on the Avalanche platform, enhancing the speed and efficiency of payments and financial services. The launch is part of Circle’s multi-chain strategy for the stablecoin, expanding its liquidity and enabling users to transact in euros along with its USD-backed stablecoin, USD Coin (USDC). EUROC is a regulated stablecoin fully backed by euro reserves held in custody at U.S.-regulated financial institutions. In a revolutionary development poised to make transactions swifter and more effective, Circle, the prominent stablecoin issuer, has announced the introduction of Euro Coin (EUROC) on the high-performance Avalanche platform. This innovative move represents the latest addition to Circle’s multi-chain strategy for the EUROC. Expanding the scope of EUROC The launch is set to increase the liquidity of EUROC and present its users with an option to execute transactions in euros, in conjunction with its USD-backed stablecoin, USD Coin (USDC). Rolled out in the previous year, EUROC is a fully regulated stablecoin, with each token supported by an equivalent quantity of euros, securely held in custody at U.S.-regulated…

    Article 2023年5月27日

  • US Treasury Secretary Janet Yellen anticipates slow decline in Dollar’s reserve currency status

    TL;DR Breakdown U.S. Treasury Secretary Janet Yellen believes the dollar’s global reserve share will gradually decline, but no alternatives can fully replace it due to unique strengths like deep financial markets and strong rule of law. Yellen acknowledged that U.S. sanctions have prompted countries to explore currency alternatives, but no meaningful workaround to the dollar as a reserve currency exists. While diversification in reserve assets is expected over time, the dollar remains the dominant reserve currency, and meaningful alternatives are unlikely despite de-dollarization efforts. US Treasury Secretary Janet Yellen, during a House Financial Services Committee hearing, stated that while the US should expect a gradual decline in the dollar’s share of global reserves, there are no viable alternatives that can completely replace the greenback. Yellen highlighted the fundamental reasons behind the dollar’s prominent role in the global financial system, such as deep and liquid financial markets, a strong rule of law, and the absence of capital controls. She acknowledged that the use of US sanctions has prompted some countries to seek currency alternatives but stressed the difficulty of finding a…

    Article 2023年6月17日

  • Valkyrie submits Ethereum futures ETF filing to the SEC

    TL;DR Breakdown Valkyrie files Ethereum futures ETF application with the SEC. The ETF will invest in ETH futures contracts, not directly in Ether. Other assets in the ETF include cash, U.S. government securities, and corporate debts. Description Determined to secure a firmer grasp on the burgeoning cryptocurrency market, Valkyrie’s latest move to submit an Ethereum futures exchange-traded fund (ETF) application to the United States Securities and Exchange Commission (SEC) showcases its commitment to innovation. This ambitious endeavor follows the asset management firm’s prior adjustment in its investment strategy for a Bitcoin futures … Read more Determined to secure a firmer grasp on the burgeoning cryptocurrency market, Valkyrie’s latest move to submit an Ethereum futures exchange-traded fund (ETF) application to the United States Securities and Exchange Commission (SEC) showcases its commitment to innovation. This ambitious endeavor follows the asset management firm’s prior adjustment in its investment strategy for a Bitcoin futures ETF, aiming to align seamlessly with regulatory expectations. Ethereum: More than Just Digital Currency Ether, the beating heart of the Ethereum blockchain, functions as more than a mere digital currency….

    Article 2023年8月17日

  • Former Celsius CEO’s fate to be determined after Oct. 3

    TL;DR Breakdown Attorneys from the United States Department of Justice have been granted additional time for discovery in the case involving former Celsius CEO, between July 25 and Oct. 3 from the Speedy Trial Act calculations. The former CEO of Celsius faces charges of securities fraud, commodities fraud, and wire fraud, which allegedly involve defrauding customers and providing misleading information about Celsius’ business practices.  Description Attorneys from the United States Department of Justice have been granted additional time for discovery in the case involving former Celsius CEO, Alex Mashinsky. U.S. District Judge John Koeltl issued an order on July 25, allowing the exclusion of the period between July 25 and Oct. 3 from the Speedy Trial Act calculations. This Act … Read more Attorneys from the United States Department of Justice have been granted additional time for discovery in the case involving former Celsius CEO, Alex Mashinsky. U.S. District Judge John Koeltl issued an order on July 25, allowing the exclusion of the period between July 25 and Oct. 3 from the Speedy Trial Act calculations. This Act requires a…

    Article 2023年7月26日
TOP