Data of more than 500 thousand customers of cryptocurrency exchanges destroyed

Cybernews experts have discovered that the personal data of users of nine cryptocurrency exchanges was disclosed and available online for more than two months. The incident affected more than 500,000 customers.

Researchers confirmed the data breach on the following platforms:

Sova[.]gg
coinstart[.]cc
pocket-exchange[.]com
onemoment[.]cc
cripta[.]cc
metka[.]cc
alt-coin[.]cc
ferma[.]cc
in-to[.]cc

Despite the fact that these exchanges are not very large, the scale of the leak is significant. The collected data contains sensitive information:

• full user names;
• credit card numbers;
• email addresses
• IP addresses;
• amounts for payment or withdrawal requests;
• various authentication data (e.g., user agent).

In total, the leak revealed more than 615,000 payment requests and more than 28,000 withdrawal requests.

Given that cryptocurrency exchanges are often used to conceal illegal transactions, this leak will be useful for law enforcement and cybersecurity researchers around the world.

The leak was initially discovered on October 10, and the information was available for almost 2 months. Although the server’s IP address was active, all data was recently destroyed by a malicious script. It is unclear who is currently behind the leak and subsequent destruction of the data.

The researchers point out that the data was stored using MongoDB, but the incorrect configuration allowed third parties to gain unrestricted access and disclose the data.

Users of the affected platforms are advised to be on the lookout. The leak makes them vulnerable to fraudulent activities such as identity theft, phishing, and other social engineering attacks. They should immediately change passwords and enable multi-factor authentication.