A cryptocurrency platform exposed sensitive data of 25,000 users

Bezop, a cryptocurrency startup, exposed highly personal details of more than 25,000 of its investors online, leaving them publicly accessible to anyone with an Internet connection.

The platform, which is supported by John McAfee, left the personal details exposed through an unprotected MongoDB database. The exposed data included full names, email addresses, physical addresses, wallet information, encrypted passwords, and copies of driver's licenses and passports.

The database was discovered by researchers at Kromtech Security on March 30th, 2018, but Bezop itself claims that the data was exposed in January this year and that affected investors had already been informed.

However, once the reports emerged online, the company updated its blog post and stated that in January 2018 unknown malicious hackers conducted a DDoS attack on Bezop's cyberinfrastructure and that, additionally, some security flaws led to the exposure of user data.

On the other hand, Bob Diachenko, Kromtech's Chief Communication Officer, stands by the company's findings and says that they discovered the data on March 30th. Either way, an exposed MongoDB database is an opportunity for cybercriminals: just a month ago it was reported that malicious attackers are taking over unprotected MongoDB databases and holding them for ransom.

In one case, Kromtech researchers tested the sophistication of attackers targeting MongoDB databases. In the test, attackers not only took over the honeypot MongoDB database but also wiped out 30GB of fake data before leaving a ransom note. All of this was done within 13 seconds.

Therefore, whether the Bezop incident took place in January or March, the point to focus on is that it could have been worse for the company if the database had been taken over by hackers. It must be noted that this is not the first time Bezop has been caught up in controversy. A few months ago, the company sent usernames along with passwords in cleartext format.

In January, McAfee tweeted about the company in the following words:

“Bezop is a distributed version of Amazon.com. It allows the simple and secure creation of e-commerce sites – searchable in the same manner as Amazon – but with no Amazon as a middleman. This could be as huge as it gets in the blockchain world.”

Since McAfee is listed as one of the board advisors for Bezop, the company should focus on the "security" side of things more often rather than putting investors' online and physical security at stake.

Waqas

Waqas Amir is a Milan-based cybersecurity journalist with a passion for covering the latest happenings in cybersecurity and the tech world. In addition to being the founder of this website, Waqas is also into gaming, reading and investigative journalism.