key takeaways:
- Crypto pioneer , Huobi has rectified a data breach that would have allowed access to the company’s cloud storage.
- Huobi inadvertently disclosed a set of credentials that granted write access to all of their Amazon Web Services S3 buckets.
In an age where digital transactions and cryptocurrency have become increasingly prevalent, the importance of data security cannot be overstated. In recent times, the leading digital asset exchange, Huobi, faced a significant challenge when 4,960 contact details were leaked during a data breach.
Huobi has successfully resolved a significant data breach that occurred in June 2021. The breach involved a massive data leak, potentially jeopardizing users’ funds.
The leaked data encompassed nearly all over-the-counter (OTC) transaction details spanning from 2017 to 2021, including VIP user information and technical infrastructure data of the exchange.
The hack began when the Huobi cloud storage account’s AWS S3 folder write access credentials were made public. This puts user data at danger because anyone having access to these credentials might possibly change the content on Huobi’s domains.
The business hosts its CDNs and webpages using S3 buckets. The credentials may have been used by anyone to change the content on a variety of domains, including hbfile.net and huobi.com. User information and internal papers were also made public as a result of the Huobi credential leak.
If Huobi hadn’t taken immediate action, this breach might have been used to steal assets and user accounts. There is no longer a danger to the company’s users because the compromised account was terminated.
The Huobi data breach was revealed by Aaron Phillips, a white hat hacker and citizen journalist. Phillips highlighted that if an attacker had exploited Huobi’s vulnerability, it could have potentially resulted in the largest cryptocurrency theft ever recorded.
By gaining access to the exchange’s credentials, the attacker would have had the ability to manipulate domains such as hbfile.net and huobi.com, potentially exposing internal documents and user data.
According to Huobi, the breach this time entailed the small-scale disclosure of 4,960 customer contact details. “The type of information that was disclosed didn’t involve sensitive information and didn’t compromise the security of user accounts or funds.“
On June 22, 2021, the issue happened as a result of staff members mishandling the S3 bucket during testing at the Huobi Japanese AWS site.
On October 8, 2022, all pertinent user data was totally segregated.
Crypto exchanges, like any online platform handling sensitive information, are indeed susceptible to data breaches. Huobi is not the only crypto pioneer to have struggled with data breaches, crypto giant Gemini experienced a similar breach back in 2022.
