Personal data of customers at nine Russia-based cryptocurrency exchanges was exposed for more than two months due to a security incident, the Cybernews Research team found.
The exposed information included highly sensitive data such as full names, credit card numbers, email addresses, IP addresses, payment and withdrawal request amounts, transaction descriptors like BTCRUB, and additional authentication details like user agents. The leaked data encompasses more than 615,000 payment requests and over 28,000 withdrawal requests.
The affected exchanges are sova[.]gg, coinstart[.]cc, pocket-exchange[.]com, onemoment[.]cc, cripta[.]cc, metka[.]cc, alt-coin[.]cc, ferma[.]cc, and in-to[.]cc.
While these are relatively small players in the crypto space, the leak could be a valuable resource for law enforcement agencies and cybersecurity researchers worldwide, as Russian crypto exchanges have often been linked to facilitating illicit activities, the research team noted.
The discovery was made on October 10, 2023, when the team identified a MongoDB server that was leaking sensitive personal data due to a misconfiguration.
Interestingly, a malicious script planted on the server destroyed all the data. At this point, it’s unclear who is responsible for the leak and the consequent destruction of the data, the researchers noted.