FB pixel

User IDs and passport data leaks for 230K crypto users in Iran

| Bianca Gonzalez
Categories Biometrics News  |  Civil / National ID  |  Financial Services
User IDs and passport data leaks for 230K crypto users in Iran
 

A data leak from Iranian crypto exchange bit24.cash has exposed personal data from nearly 230,000 Iranian citizens, according to Cybernews.

Iran has taken up cryptocurrency significantly due to limited access to foreign markets. In 2023, Iranian crypto exchanges saw almost $3 billion in transactions.

Bit24.cash supports over 300 coins and tokens. Users complete a KYC process where they confirm their identity by uploading identity documents.

Cybernews researchers found a misconfigured MinIO that granted access to S3 buckets containing users’ KYC data. MinIO is an S3 compatible object storage system for large scale machine learning and data workloads.

The misconfiguration exposed users’ passports, ID documents, and credit cards, as well as written consent to regulations. The leak has since now been secured, according to the report.

“This breach poses a severe threat, as threat actors could potentially exploit the exposed data for identity theft, fraudulent transactions, and phishing attacks,” said the Cybernews researchers. “With access to such comprehensive personal and financial data, malicious actors could impersonate individuals, gain unauthorized access to accounts, execute fraudulent transactions, and potentially cause substantial financial and personal harm to the affected users.”

Hossein Amini, a security engineer at bit24.cash, officially responded to the claims on behalf of the company via email to Cybernews. The company says the claims are “inaccurate and misleading,” alleging it found no evidence of a data breach or unauthorized access to user information.

“The reference to a misconfigured MinIO instance granting access to S3 buckets containing KYC data is wholly untrue and does not align with our system architecture or security protocols,” said Amini. “We can confirm that our MinIO setup and cloud storage containers remain secure, and there has been no unauthorized access to any sensitive user data.”

An Ondato report delved into the relationship between ID documents and cryptocurrency fraud last year.

Article Topics

 |   |   |   | 

Latest Biometrics News

 

Harmonized digital driving license in EU approved as part of driving reform package

The EU is getting closer to a harmonized mobile driver’s license (mDL) with the approval of a provisional deal on…

 

DARPA taps Aptima to bring media forensics to market amid deepfake surge

The Defense Advanced Research Projects Agency (DARPA) has awarded a commercialization contract to Aptima, Inc. that marks a critical inflection…

 

Parsons secures sole source deal to equip U.S. Air Force with biometric kits

The U.S. Air Force Air has issued a notice of intent to award a sole-source contract to Parsons Corporation for…

 

Gov.uk Wallet ‘empowering the market,’ says Kyle, in big win for OSPs

After a tense few weeks, the UK government has released the working principles for the Gov.uk Wallet plan that has…

 

Biometrics integrations, identity intelligence improve financial services onboarding

Major integrations for Fourthline and BioCatch are expanding the reach of their biometric user onboarding and KYC technologies, as financial…

 

Pakistan introduces digital birth, death registration in health facilities

Pakistan has taken a decisive move to streamline birth and death registration by digitizing the process and making services available…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Continue Reading

Biometric Market Analysis

Most Viewed This Week

Featured Company

Learn More

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events