Huobi has been leaking user data for two years

Cryptocurrency exchange Huobi has fixed a data breach that has reportedly put users’ assets at risk since June 2021. White hacker Aaron Phillips drew attention to this.

According to him, the violation was related to the disclosure of credentials that give write access to all baskets of Huobi AWS S3 cloud storage. Phillips first notified the exchange of the incident in June 2022.

Phillips claims that the severity of the hack was significant and could have resulted in “the biggest theft of cryptocurrencies in history.” However, he found no evidence that the breach was used to carry out the attack.

The hacker highlighted the vulnerability of content delivery networks (CDNs) and Huobi sites that could lead to the injection of malicious scripts. According to him, CDNs could have compromised every Huobi login page, potentially affecting every user who has logged into the Huobi website or app over the past two years.

Representatives of the exchange said in a comment to The Block that their specialists deleted the compromised account, closed file permissions and protected the cloud storage on June 21. At the same time, the contact information of 4960 clients of the trading platform got into open access.

The company emphasized that the Japanese exchange website and the global platform are not connected.

In December 2022, the Gemini cryptocurrency exchange reported a leak of user data as a result of a series of phishing attacks.

Source: bitcoinlinux.com