Casa > cibernético Notícias > Details of 25,000 Usuários Bezop Token para Exposed por MongoDB Banco de Dados
CYBER NEWS

Detalhes de 25,000 Usuários Bezop Token para Exposed por MongoDB Banco de Dados

pesquisadores de segurança da Kromtech Recentemente, deparei com um banco de dados MongoDB que continha os dados pessoais de mais de 25,000 usuários que investiram no Bezop (SEM) símbolo. O banco de dados continha uma abundância de detalhes pessoais, incluindo nomes completos, endereços residenciais, endereço de e-mail, encrypted passwords, wallet information, scanned passports, driver’s licenses and in other cases – IDs.

Mais especificamente, the database encompassed personal details on 6,500 ICO investors. The rest of the details belonged to users who took part in the public bounty program for which they received Bezop tokens.

Story relacionado: 7.8 Bilhões de registros comprometidos por violações de dados em 2017 Sozinho

More about the Bezop Platform

The platform’s white paper explains that Bezop is a decentralized peer-to-peer ecommerce order management and processing system, an autonomous buyer-seller protection service, and a simple value added tax (CUBA) collection systemall powered by smart contracts and built on a decentralized blockchain network.

Why was this information held in the database in the first place? The abundance of personal details was needed for a bounty program initiated by the Bezop team. The program took place earlier in 2018 when the Bezop platform gave away tokens to users who promoted BEZ on their own social media accounts.

MongoDB Data Incident Officially Confirmed

A company representative has already admitted to this data breach, explaining that the MongoDB database was negligently exposed online in the midst of a DDoS attack its developers were dealing with. The DDoS attack took place on January 8, and it proves how devastating these attacks are to businesses.

Felizmente, no user funds were compromised during this time, and the database has already been secured. Não obstante, it is still a troubling incident as the database lacked authentication system meaning that anyone connecting to it could access the stored personal details of thousands of users.

Story relacionado: MongoDB Ransomware Ataques Servidores Misconfigured

This is not the first incident involving MongoGB databases. Em janeiro 2017, misconfigured MongoDB databases became targets of ransomware.

Os servidores que executam MongoDB foram alvo primeira vez em dezembro 2016, but the scale of the malicious attempts was small. The situation quickly escalated, because many of the compromised databases hadn’t been set to require a password for access. This lack of authentication once again made remote attacks easy to accomplish.

Milena Dimitrova

Um escritor inspirado e gerente de conteúdo que está com SensorsTechForum desde o início do projeto. Um profissional com 10+ anos de experiência na criação de conteúdo envolvente. Focada na privacidade do usuário e desenvolvimento de malware, ela acredita fortemente em um mundo onde a segurança cibernética desempenha um papel central. Se o senso comum não faz sentido, ela vai estar lá para tomar notas. Essas notas podem mais tarde se transformar em artigos! Siga Milena @Milenyim

mais Posts

Me siga:
Twitter

Deixe um comentário

seu endereço de e-mail não será publicado. Campos obrigatórios são marcados *

Compartilhar no Facebook Compartilhar
Carregando...
Compartilhar no Twitter chilrear
Carregando...
Compartilhar no Google Plus Compartilhar
Carregando...
Partilhar no Linkedin Compartilhar
Carregando...
Compartilhar no Digg Compartilhar
Compartilhar no Reddit Compartilhar
Carregando...
Partilhar no StumbleUpon Compartilhar
Carregando...