Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Iranian crypto exchange Bit24.cash leaks user passports and IDs

Bit24.cash has inadvertently exposed sensitive data belonging to nearly 230,000 users, as revealed by Cybernews research. Due to its limited access to foreign financial markets, Iran has embraced cryptocurrency significantly. Last year, Iranian crypto exchanges facilitated transactions totaling nearly $3 billion. Almost all incoming crypto volume in Iran adheres to Know Your Customer (KYC) requirements. […]

Bit24.cash data leak

Data example. A user holding its written consent to the platform rules, his credit card and ID attached and visible, too.

Bit24.cash has inadvertently exposed sensitive data belonging to nearly 230,000 users, as revealed by Cybernews research.

Due to its limited access to foreign financial markets, Iran has embraced cryptocurrency significantly. Last year, Iranian crypto exchanges facilitated transactions totaling nearly $3 billion. Almost all incoming crypto volume in Iran adheres to Know Your Customer (KYC) requirements.

Bit24.cash, Iran’s over-the-counter crypto exchange supporting over 300 coins and tokens, is no exception. During the KYC process, which aims to curb criminal activity, users are required to confirm their identity by uploading official documents. Considering the sensitive nature of these documents shared with exchanges, users rightfully expect organizations to safeguard them securely.

However, Cybernews researchers uncovered a misconfigured MinIO (a high-performance object storage system) instance, inadvertently granting access to S3 buckets (cloud storage containers) containing the platform’s KYC data.

Bit24.cash data leak
Data example. A user holding its written consent to the platform rules, his credit card and ID attached and visible, too.

This misconfiguration compromised approximately 230,000 Iranian citizens, exposing their written consent to regulations, as well as passports, IDs, and credit cards.

We reached out to the company but did not receive a response before publishing this article. The instance has since been secured and is no longer accessible.

Cybernews researchers emphasized the critical nature of compromised KYC verification data on cryptocurrency exchange platforms.

If you want to know more about this case take a look at the original post:

https://cybernews.com/security/iranian-crypto-exchange-leaks-passports/

About the author: Jurgita Lapienytė, Chief Editor @CyberNews

Follow me on Twitter: @securityaffairs and Faceboo and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Bit24.cash)