Breaking cybersecurity news, news analysis, commentary, and other content from around the world, with an initial focus on the Middle East & Africa.

Iranian Crypto Exchange Misstep Exposes User Details

Iranian citizens' personal details were left visible online due to a misconfigured storage system.

Dark Reading Staff, Dark Reading

January 8, 2024

1 Min Read
A bitcoin next to the Iranian flag
Source: gabriel cassan via Alamy Stock Photo

A misconfigured object storage system used by Iranian crypto exchange bit24.cash has exposed the personal details of approximately 230,000 citizens in Iran.

Researchers from Cybernews reported that the oversight in bit24.cash's MinIO left unprotected and open online S3 buckets storing users' verification documents, including consent letters, passport information, and credit card details. MinIO is an S3-compatible open source object storage system that handles unstructured data.

Hossein Amini, security engineer at bit24.cash, told Cybernews there was no evidence of a data breach or unauthorized access to that sensitive user information, and user security and data protection are "utmost priorities." The researchers confirmed that the storage instance has now been secured and is no longer accessible.

Unsecured access to S3 buckets has been the cause for a number of breaches, including a 2022 case where 3TB of airport data was left exposed.

Read more about:

DR Global Middle East & Africa

About the Author(s)

Dark Reading Staff

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

See more from Dark Reading Staff
Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
Subscribe

You May Also Like

More Insights
Webinars
More Webinars
Events
More Events

Editor's Choice

MITRE Corp's logo in blue
Endpoint Security
MITRE ATT&CKED: InfoSec's Most Trusted Name Falls to Ivanti BugsMITRE ATT&CKED: InfoSec's Most Trusted Name Falls to Ivanti Bugs
byNate Nelson, Contributing Writer
Apr 22, 2024
3 Min Read
The letters EDR/XDR amid binary code
Application Security
Evil XDR: Researcher Turns Palo Alto Software Into Perfect MalwareEvil XDR: Researcher Turns Palo Alto Software Into Perfect Malware
byNate Nelson, Contributing Writer
Apr 19, 2024
4 Min Read
Kuala Lumpur, Malaysia, skyline against the harbor at sunrise
Cyber Risk
Licensed to Bill? Nations Mandate Certification & Licensure of Cybersecurity ProsLicensed to Bill? Nations Mandate Certification of Cybersecurity Pros
byRobert Lemos, Contributing Writer
Apr 23, 2024
4 Min Read
Reports
More Reports
White Papers
More Whitepapers
Events
More Events