Binance CEO Changpeng Zhao on Sunday issued a warning that thousands of leaked resident records are now for sale on the dark web. He also called for enhanced security measures to protect users and their data from malicious actors.
According to the CEO, who is popularly known as CZ, a billion resident records, including not just names and addresses but also national ID, police and medical records from an Asian country, are now up for sale on the dark web. “Our threat intelligence detected 1 billion resident records for sell in the dark web, including name, address, national id, mobile, police and medical records from one Asian country,” his tweet read.
While he did not disclose the country’s name, he mentioned that the leaked data was most likely due to a “bug in an Elasticsearch deployment by a government agency.” CZ called for “security measures” enhancement in “hack detection/prevention measures.”
On top of those, CZ shared that Binance, one of the largest cryptocurrency exchange platforms in the world, “has already stepped up verifications for users potentially affected.” This is not the first time a treasure trove of sensitive customer data due to an Elasticsearch server was leaked online.
It may be recalled that last month, researchers at Safety detectives, a security product recommendation service, discovered nearly a million customer records exposed on an Elsticsearch server run by Storehub, a Malaysian point-of-sale software vendor.
The security experts described the exposed StoreHub server as “left open without any password-protection or encryption,” adding that it has “potentially compromised the information of thousands of restaurants and retail stores, along with their staff and roughly 1 million customers.”
The cybersecurity team further disclosed that “Storehub had misconfigured one of their Elasticsearch servers, causing it to leak over 1.7 billion records and over 1 terabyte of data.” They said the incident “exposed almost 1 million customers in Malaysia and potentially across Southeast Asian countries.”
Among exposed data includes “full names, phone numbers, physical addresses, email addresses and type of device used.” The security experts also said that other data related to payments and order information of customers were also exposed, including “transaction dates, ordered items and store locations.”