Breaking cybersecurity news, news analysis, commentary, and other content from around the world, with an initial focus on the Middle East & Africa and the Asia Pacific
Iranian Crypto Exchange Misstep Exposes User Details
Iranian citizens' personal details were left visible online due to a misconfigured storage system.
A misconfigured object storage system used by Iranian crypto exchange bit24.cash has exposed the personal details of approximately 230,000 citizens in Iran.
Researchers from Cybernews reported that the oversight in bit24.cash's MinIO left unprotected and open online S3 buckets storing users' verification documents, including consent letters, passport information, and credit card details. MinIO is an S3-compatible open source object storage system that handles unstructured data.
Hossein Amini, security engineer at bit24.cash, told Cybernews there was no evidence of a data breach or unauthorized access to that sensitive user information, and user security and data protection are "utmost priorities." The researchers confirmed that the storage instance has now been secured and is no longer accessible.
Unsecured access to S3 buckets has been the cause for a number of breaches, including a 2022 case where 3TB of airport data was left exposed.
Read more about:
DR Global Middle East & AfricaAbout the Author
You May Also Like
The State of Attack Surface Management (ASM), Featuring Forrester
Nov 15, 2024Applying the Principle of Least Privilege to the Cloud
Nov 18, 2024The Right Way to Use Artificial Intelligence and Machine Learning in Incident Response
Nov 20, 2024Safeguarding GitHub Data to Fuel Web Innovation
Nov 21, 2024