Crypto exchange Fiatusdt leaked trove of users KYC data

The database was exposed due to a misconfigured AWS S3 bucket.

The server was exposed to the public without any password or security authentication, allowing access to tens of thousands of passport and ID card copies.

In recent news, Jeremiah Fowler of Website Planet discovered an exposed database belonging to the online currency exchange platform, Fiatusdt. The database contained cryptocurrency sales records, including customer names, bank account numbers, purchase and sales records, and other sensitive information.

Online currency exchanges are internet-based platforms that facilitate the transfer of currencies for distribution in a stable, centralized setting between countries or companies. Like their physical counterparts, online currency exchanges make money by charging a nominal fee and/or through the bid-ask spread in a currency.

Amongst the exposed information were Know Your Customer (KYC) compliance records and identification images, which were particularly concerning as they contained sensitive information that proved the identity of customers.

Fowler reported having viewed as many as 20,000 passport and identity card images. The customer ID documents appeared to belong to individuals from all over the world, including the following countries:

  1. Oman
  2. China
  3. India
  4. Malaysia
  5. Australia
  6. Indonesia
  7. Singapore and others.

According to Website Planet’s blog post, it is still unclear how many users were affected by the data leak since the total number of records could not be seen, and whether or not the exposed records were accessed by anyone before being discovered.

Publically leaked folders and one of the ID cards (Image credit: Website Planet)

The database also contained screenshots of deposit and withdrawal amounts, which exposed bank transfer records identifying customer names, account numbers, email addresses, phone numbers, and other sensitive information.

Additionally, transaction IDs and wallet addresses for transactions were present in the database.

This database was exposed due to a misconfigured AWS storage name and address, which allowed public access. This resulted in the database being open and accessible to anyone with an internet connection.

The company was notified of the breach through a responsible disclosure notice, and public access to the database was subsequently closed.

  1. Cryptoworm infecting AWS Cloud to mine cryptocurrency
  2. 350M email IDs exposed on misconfigured AWS S3 bucket
  3. Pegasus Airlines Leaked 6.5TB Data in AWS Bucket Mess Up
Related Posts