The cryptocurrency company Bezop exposed the personal details of more than 25,000 of its online investors, leaving the data publicly accessible to anyone with a computer, information security experts said.
The leak was caused by a poorly protected MongoDB database. The exposed data includes full names, e-mail addresses, physical addresses, wallet information, encrypted passwords, and copies of driver’s licenses and passports.
The database was found by Kromtech Security professionals on March 30, 2018, but Bezop states that the data was exposed in January of this year and that the affected investors have already been informed.
However, once the reports appeared online, the company updated its publication and stated that in January, malicious hackers carried out a DDoS attack on Bezop’s infrastructure and that, in addition, security flaws led to the exposure of user data.
Meanwhile, Kromtech communications director Bob Diachenko stands by his findings and notes that they discovered the data on March 30. An exposed MongoDB database means business for criminals: a month ago it was reported that attackers seized unprotected MongoDB databases and held them for ransom.
In one case, Kromtech’s information security professionals tested the sophistication of attackers targeting MongoDB databases. In the test, the attackers not only took over the honeypot’s MongoDB database but also deleted 30 GB of fake data before leaving a ransom note, all within 13 seconds.
Whether the Bezop incident took place in January or March does not matter; what matters is how much worse it could have been for the company if the database had been taken by the hackers. This is not the first time that Bezop has been involved in a controversy. A few months ago, the company sent usernames along with passwords in plain text.
In January, McAfee tweeted about the company: “Bezop is a distributed version of Amazon.com; it allows simple and secure creation of e-commerce sites, which can be searched in the same way as Amazon, but without Amazon as an intermediary. It could be as big as possible in the blockchain world.”
McAfee is listed as one of the advisors to Bezop’s board of directors, which is why the company should focus more on the “information security” side instead of jeopardizing the physical and online security of investors.
Working as a cyber security solutions architect, Alisa focuses on bug bounty and network security. Before joining us she held cyber security researcher positions within a variety of cyber security start-ups. She also has experience in different industry domains like finance, healthcare and consumer products.