- cross-posted to:
- cryptocurrency@lemmit.online
- cardano@infosec.pub
- cross-posted to:
- cryptocurrency@lemmit.online
- cardano@infosec.pub
Comment
I hope nobody loses their shirt over this.
Summary
- Sensitive data exposed: Internal code, infrastructure diagrams, passwords, and other technical information were publicly accessible on GitHub for months.
- Source unclear: Unclear if an outside hacker or Binance employee accidentally uploaded the data.
- Potential risk: Information could be used by attackers to compromise Binance systems, though Binance claims “negligible risk”.
- Data details: Included code related to passwords and multi-factor authentication, diagrams of internal infrastructure, and apparent production system passwords.
- Binance response: Initially downplayed the leak, later acknowledged data was theirs but downplayed risk.
- Current status: Data removed from GitHub via copyright takedown request.
- Unclear if any malicious actors accessed the data.
Again, centralized exchanges are like public toilets. Get in, do your business, and get the fuck out. This is a good argument against KYC as well, since if they don’t have data, they can’t leak data.