Teacher
Professional
- Messages
- 2,669
- Reaction score
- 818
- Points
- 113
According to 404 Media, for several months, confidential source code and internal passwords remained open in the public GitHub repository.
The potential leak included a code cache, infrastructure diagrams, internal passwords and other technical information belonging to Binance, which can be very useful for hackers to implement targeted attacks on its systems.
The merged cache also contains a lot of scripts and code, some of which seems to be related to how Binance implements password policies and multi-factor authentication, and also includes comments in English and Chinese.
Several files contained obvious passwords for systems marked as "prod", which probably means "production".
At least two of them correspond to AWS servers used by Binance.
Binance managed to delete the data only last week on a request to GitHub, citing copyright violations, significant risks and serious financial damage from the leak.
The data was published by users of the Termf account.
Moreover, it is unclear whether it was a third party who received the material and distributed it maliciously, or a Binance employee who accidentally uploaded it to GitHub.
As Binance reports, there is no public evidence yet that any attackers gained access to this data or used it.
But in one of their comments, Binance still reported that they were aware of the existence of a certain person who has confidential information of the company.
As for the leak itself, Binance said that the information on GitHub poses little risk to the security of users, their assets or the platform as a whole.
The potential leak included a code cache, infrastructure diagrams, internal passwords and other technical information belonging to Binance, which can be very useful for hackers to implement targeted attacks on its systems.
The merged cache also contains a lot of scripts and code, some of which seems to be related to how Binance implements password policies and multi-factor authentication, and also includes comments in English and Chinese.
Several files contained obvious passwords for systems marked as "prod", which probably means "production".
At least two of them correspond to AWS servers used by Binance.
Binance managed to delete the data only last week on a request to GitHub, citing copyright violations, significant risks and serious financial damage from the leak.
The data was published by users of the Termf account.
Moreover, it is unclear whether it was a third party who received the material and distributed it maliciously, or a Binance employee who accidentally uploaded it to GitHub.
As Binance reports, there is no public evidence yet that any attackers gained access to this data or used it.
But in one of their comments, Binance still reported that they were aware of the existence of a certain person who has confidential information of the company.
As for the leak itself, Binance said that the information on GitHub poses little risk to the security of users, their assets or the platform as a whole.
