Kromtech Security has revealed a data breach tied to investors of the Bezop cryptocurrency. The cybersecurity firm made the announcement on April 25, 2018. The leak exposed confidential information about investors of the Bezos cryptocurrency.
Details of the Data Breach
The sensitive information exposed by the breach include full names, wallet information, and even scanned photos of ID documents. More than 25,000 investors were affected by the leak. Apparently, the team at Bezop had failed to secure a MongoDB database, thus opening the way for hackers. Bezop is a startup cryptocurrency company with its own blockchain-powered e-commerce app platform.
Conflicting Reports
Bezop posted an announcement via its Medium account stating that it was already aware of the leak and that the issue had been resolved since January 2018. According to the announcement, the platform had suffered a DDoS attack which had exposed some unsecured databases on the platform. Deryck Jones, the CTO of Bezop confirmed the data breach and said that all investors were notified. He also confirmed the fact that the issue had been resolved and that the affected databases had been secured.
Despite reassurances, a Twitter user claims to have seen the leaked database online as recently as March 30, months after it was supposedly secured by Bezop. The cryptocurrency startup insists that the only breach was in January and any new reports are simply “old news.” It is important to note that the Kromtech report confirms the database leak.
Another bit of controversy – perhaps more concerning than the leak itself – is that the leak appears to have been deliberately orchestrated. According to Kromtech researchers, changes made to MongoDB protocol makes it impossible for such a mistake to occur accidentally. This means that the database was intentionally configured to be accessible to the public.
The John McAfee Connection
John McAfee, the cybersecurity tycoon, is one of the investors exposed by the leaked database. He is also listed as an advisor on the Bezop website. McAfee has previously touted the platform as having the potential to challenge Amazon in the e-commerce scene. The Bezop Medium post also indicated that McAfee had been paid to promote the platform. McAfee who has more than 800,000 followers on Twitter charges as much as $105,000 to promote ICOs on his Twitter account.
What do you think of the Bezop leak? Was it deliberately orchestrated or just a case of poor security? Let us know your views in the comment section below.
Image courtesy of Wikimedia Commons, DepositPhotos, Shutterstock