Iranian crypto exchange Bit24 reportedly leaks 230,000 users’ KYC data
Iranian crypto exchange Bit24.cash has reportedly leaked the personal and financial details of its 230,000 users following a security flaw in its know-your-customer (KYC) database. The exchange ’s KYC and anti-money laundering (AML) measures stipulate that users must submit a photo of themselves alongside their ID, credit card, and written consent to trade on the site. However, a report from Cybernews details a flaw in the exchange’s cloud software that has let slip the identifying details of its customers. According to the report, researchers accessed KYC data stored in S3 buckets, a form of cloud storage, by exploiting a misconfigured MinIO. An image of leaked data from the KYC database, purportedly exposing a user’s personal details. Read more: Chinese billionaire behind Himalaya Exchange indicted for $1B scheme Researchers say this flaw “ poses a severe threat , as threat actors could potentially exploit the exposed data for identity theft, fraudulen...