1. BITBILIHome
  2. Article

Huobi fixes data breach involving sensitive information for 4,960 users

75 views

TL;DR Breakdown

  • Crypto exchange Huobi has fixed its data breach after a massive data leak that allegedly put users’ funds at risk since June 2021
  • The exchange risked exposure of its sensitive information, such as VIP user data and technical infrastructure of the exchange
  • However, it took months for the exchange to respond to the white hat hacker

Description

Crypto exchange Huobi has fixed its data breach after a massive data leak that allegedly put users’ funds at risk since June 2021. The data leak had information on almost all the over-the-counter (OTC) transaction information from 2017 to 2021, with some of the data being VIP user data and information on the technical infrastructure … Read more

Crypto exchange Huobi has fixed its data breach after a massive data leak that allegedly put users’ funds at risk since June 2021. The data leak had information on almost all the over-the-counter (OTC) transaction information from 2017 to 2021, with some of the data being VIP user data and information on the technical infrastructure of the exchange.

Huobi risked exposure of its sensitive information 

White hat hacker and citizen journalist Aaron Phillips disclosed the Huobi data breach. The white hacker explained that an attacker exploiting Huobi’s vulnerability would have had the opportunity to achieve the largest crypto theft in history. Anyone accessing the exchange’s credentials could have changed their domains, including hbfile.net and huobi.com. In addition, their internal documents and user data could be exposed.

According to previous reports, the company handles over a billion dollars daily in trading volume. Hence, users’ accounts and crypto assets would have been stolen if they hadn’t taken action to fix the leak. Phillips emphasized the potential for malicious scripts to be injected into Huobi’s content delivery networks (CDNs) and websites. According to him, the CDNs might have compromised all Huobi login pages, possibly harming anyone who used a Huobi website or app over the previous two years.

The exchange risks exposure to sensitive information, including the contact information and account balances of cryptocurrency users, and it puts customers at risk of losing their accounts and crypto assets. According to Phillips, this includes Huobi’s over-the-counter (OTC) trade data as well as a database of cryptocurrency whales. He confirmed, however, that no breach was carried out using the data leak.

Huobi fixes data breach

According to the exchange, which confirmed the occurrence, it was caused by the appropriate staff members’ irregular conduct in the S3 barrel of the Japanese station’s test environment. On October 8, 2022, all pertinent user data was isolated. 

The exchange asserted that the leakage was small-scale, involving 4,960 individuals. It added that the leaked information did not have sensitive information and never affected user accounts and the security of their assets. 

Huobi further stated that the Huobi Japanese and Huobi Global sites are separate entities. On June 21, 2023, the Huobi Security Team immediately took action after being alerted by a white hat team, instantly closing the associated file access permissions. According to the exchange, the issue has been resolved, and all associated user data has been removed. Huobi has since deleted the affected account, and no users are at risk anymore.

Despite the issue being resolved now, Phillips mentioned that it took months for the exchange to respond, and the leaked data remained online even after he gave Huobi the first notice in June 2022.

Crypto exchanges are prone to data breaches since they have access to a lot of customer data that can be used to steal funds by hackers. Coinsquare, a Canadian crypto exchange, suffered a data breach in November 2022. Its users’ information was exposed, such as phone numbers, names of investors, birth dates, public wallet addresses, and transaction history. However, the exchange affirmed that there were no passwords accessed, and the information is yet to be detected by bad actors.

Gemini Exchange also experienced a data breach that saw 5.7 million users stolen and leaked on hacking forums. Posts advertising the data from the breach first surfaced in September last year, with the data offered for 30 BTC, about $520,000. The same data was posted in November, offering the data and additional data from other exchanges. In another forum, later on, the data was offered for free. Gemini has since asked its clients to implement two-factor authentication and use hardware security keys to prevent hacking and accessing their funds.

The information provided is not trading advice. Cryptopolitan.com holds no liability for any investments made based on the information provided on this page. We strongly recommend independent research and/or consultation with a qualified professional before making any investment decisions.

文章来源于互联网:Huobi fixes data breach involving sensitive information for 4,960 users

Disclaimers:

1. You are solely responsible for your investment decisions and this info is not liable for any losses you may incur.

2. The copyright of this article belongs to the writer, it represents the writer's opinions only, not represents the site's ones. Not financial advice.

Previous 2023年7月5日 12:00
Next 2023年7月5日 13:23

Related articles

  • Thailand’s KBank launches $100 Million fund for Web3 and AI startups

    TL;DR Breakdown Thailand’s KBank has launched a $100 million venture capital fund, KXVC, managed by its tech subsidiary Kasikorn Business Technology Group, to invest in Web3 and AI startups globally. The fund aims to counter the declining investment volumes in the crypto venture capital market by focusing on high-growth startups in emerging technology sectors. KXVC’s global focus, covering the Asia Pacific, the U.S., the EU, and Israel, positions KBank as a leader in technological innovation and could set the stage for future advancements in Web3 and AI. Description Thailand’s financial giant, Kasikorn Bank, commonly known as KBank, has made a new move by earmarking $100 million for a venture capital fund. This fund, known as KXVC, is an initiative spearheaded by the bank’s technological division, Kasikorn Business Technology Group (KBTG). With a global reach that includes the Asia Pacific region, the United States, … Read more Thailand’s financial giant, Kasikorn Bank, commonly known as KBank, has made a new move by earmarking $100 million for a venture capital fund. This fund, known as KXVC, is an initiative spearheaded by the…

    Article 2023年9月15日

  • Bitcoin mining stocks are dominating 2023 with over 200% yearly growth

    TL;DR Breakdown Bitcoin mining stocks, especially Cipher Mining (CIFR), have seen astounding growth in 2023, with CIFR rising almost 400%. Mainstream market indices pale in comparison to the gains observed in the Bitcoin mining sector, which outpaces even major tech stocks. Institutional investors are turning to Bitcoin mining stocks as alternatives to direct Bitcoin investment, but the volatile nature of the sector calls for caution. Description Bitcoin mining, once a niche market, has witnessed unprecedented growth in 2023, especially with stocks like Cipher Mining (CIFR) showcasing a spectacular near-400% rise. Despite a recent 10% dip in Bitcoin’s value, largely attributed to speculations about SpaceX’s possible sale of its crypto holdings, its annual increment stands firmly at 50%. This positions the pioneering … Read more Bitcoin mining, once a niche market, has witnessed unprecedented growth in 2023, especially with stocks like Cipher Mining (CIFR) showcasing a spectacular near-400% rise. Despite a recent 10% dip in Bitcoin’s value, largely attributed to speculations about SpaceX’s possible sale of its crypto holdings, its annual increment stands firmly at 50%. This positions the pioneering cryptocurrency…

    Article 2023年8月20日

  • Coinbase gains Bank of Spain’s nod for Bitcoin exchange expansion

    TL;DR Breakdown Coinbase receives official recognition from the Bank of Spain as a Bitcoin exchange and custodial wallet provider. With the approval, Coinbase can now serve individual and enterprise customers in Spain, offering a range of crypto services. The MiCA regulation in the European Union provides much-needed clarity for the crypto industry, signaling positive legislative support. Description Coinbase, the renowned crypto exchange, has achieved a significant milestone in its global expansion. The Bank of Spain officially recognized and approved Coinbase as a cryptocurrency exchange and custodial wallet provider. This move is a part of Coinbase’s ambitious “Go Broad, Go Deep” strategy for international growth, specifically targeting Phase II in Spain. Moreover, on … Read more Coinbase, the renowned crypto exchange, has achieved a significant milestone in its global expansion. The Bank of Spain officially recognized and approved Coinbase as a cryptocurrency exchange and custodial wallet provider. This move is a part of Coinbase’s ambitious “Go Broad, Go Deep” strategy for international growth, specifically targeting Phase II in Spain. Moreover, on September 23rd, Coinbase shared this development through a blog post….

    Article 2023年9月24日

  • Japan gets ready to dominate global AI chip war

    TL;DR Breakdown Tokyo-based JSR accepted a $6.4 billion buyout offer from the JIC to strengthen Japan’s position in the global semiconductor supply chain. Despite some concerns of covert nationalization, JSR maintains the move is to enhance Japan’s global competitiveness. Analysts see the buyout as a landmark move to prioritize national strategy over financial reasoning. Description A global tech battle is brewing as Japan prepares to carve out its niche in the increasingly contentious AI chip war. Fueled by a government-backed deal, Tokyo-based JSR is poised to strengthen Japan’s stronghold in this heated US-China race for semiconductor supremacy. Unraveling the JSR puzzle Securing a pivotal position in the global semiconductor supply … Read more A global tech battle is brewing as Japan prepares to carve out its niche in the increasingly contentious AI chip war. Fueled by a government-backed deal, Tokyo-based JSR is poised to strengthen Japan’s stronghold in this heated US-China race for semiconductor supremacy. Unraveling the JSR puzzle Securing a pivotal position in the global semiconductor supply chain, JSR recently welcomed a surprising buyout offer from the Japan Investment…

    Article 2023年7月6日

  • Apple users beware: New malware hijacks crypto via fake blockchain games

    TL;DR Breakdown “Realst”, a new infostealer malware, targets Apple macOS users through fake blockchain games. The malware silently scrapes web browser data, including passwords, and can quickly drain cryptocurrency wallets. Users can protect themselves by only installing apps from the official Mac App Store, verifying links, using strong passwords, enabling two-step authentication, and keeping devices and applications updated. Description Security researchers have identified a new infostealer malware named “Realst”, which is currently being used by cybercriminals to target Apple macOS users, including those on the upcoming macOS 14 Sonoma.  However, Web3 security firm SlowMist warned through a blog post that the malware is being propagated through fake blockchain games such as Brawl Earth, WildWorld, … Read more Security researchers have identified a new infostealer malware named “Realst”, which is currently being used by cybercriminals to target Apple macOS users, including those on the upcoming macOS 14 Sonoma.  However, Web3 security firm SlowMist warned through a blog post that the malware is being propagated through fake blockchain games such as Brawl Earth, WildWorld, Dawnland, Destruction, Evolion, Pearl, Olymp of Reptiles, and…

    Article 2023年7月27日
TOP