Huobi Crypto Exchange Rectifies Security Breach That Exposed User Data


Huobi, one of the world’s notable cryptocurrency exchanges, has silently addressed a significant security vulnerability that reportedly left user assets exposed for two years. 

According to Aaron Phillips, a white hat hacker and researcher, Huobi inadvertently released a file containing Amazon Web Services (AWS) credentials in June 2021. This file leaked the contact and account details of 4,960 “crypto whales” and various internal documents.

Phillips suggested that this data breach could have resulted in “the largest crypto theft in history” if exploited by a malicious actor. He stated, “Anyone could have used the credentials to modify content on the huobi.com and hbfile.net domains, among others. I had full control over data from almost every aspect of Huobi’s business.”

Phillips first warned Huobi about the leak in June last year, but it took the exchange five months to respond and act on it. Huobi finally revoked the credentials in June 2023. The most critical aspect of the breach was write access to Huobi’s content delivery networks (CDNs) and websites.

Phillips also claimed that the leak exposed a database of over-the-counter (OTC) trades dating back to 2017. This database contained user account information, transaction details, and the IP addresses of traders in a 2TB downloadable file. The breach also revealed the inner workings of Huobi’s production infrastructure and made it possible to alter JSON files of the firm’s NFT project, Utopo.

In response to the incident, Huobi stated on June 1 that the OTC data breach mentioned by Phillips was “not real, but test data.” The leak involved user information of only 4,000 users. According to Huobi, the data breach occurred “due to improper operations by personnel related to the S3 bucket in the testing environment of the Huobi Japanese AWS site. The relevant user information was completely isolated on October 8, 2022.” The exchange also denied that the leak involved sensitive information and said it did not affect user accounts or fund security.
