Posted on May 3, 2018 at 6:28 AM
25,000 investors in the start-up cryptocurrency Bezop have had their personal details publicly accessible online for a brief period due to the use of a MongoDB database that was unprotected.
Full names, addresses, email addresses, encrypted passwords and wallet information were exposed online, along with copies of driver’s licenses and passports. This information was visible to anyone with an internet connection.
Bezop claims to be a ‘distributed version of Amazon’. The site supports the creation of simple e-commerce sites, that it claims is secure, and which can be searched in a similar way to Amazon shops, but without the Amazon middleman.
The problems with the platform’s database, which is supported by John McAfee, were discovered and made public by Kromtech Security on 30 March.
Bezop claims that they themselves discovered the problem earlier, in January 2018, and had already informed those affected.
When the story broke online, Bezop retrospectively updated a blog post to state that in January their cyberinfrastructure was the victim of DDoS attacks from unknown hackers. They also admitted that this data exposure was the result of some flaws in their security.
However, the Chief Communication Officer at Kromtech, Bob Diachenko, maintains that the discovery was made on March 30. This is consistent with recent hacker activity, as over the last month cybercriminals have been taking over and holding unprotected MongoDB databases for ransom. Kromtech has been testing the refinement of these MongoDB targeted attacks.
Responding to a ‘honeypot’ database, the hackers needed only 13 seconds to take over the database, wipe 30GB of data and leave their demands.
Consequently, regardless of when the Bezop attack took place, the focus should be that the incident might have been significantly worse had the database indeed been targeted by hackers.
Bezop had been in the spotlight on controversy before. Earlier this year Bezop sent out both usernames and passwords using a cleartext format.