Brother
Professional
- Messages
- 2,590
- Reaction score
- 539
- Points
- 113
Will the leak affect the security of clients and internal systems of the platform?
An extremely sensitive array of data belonging to Binance has been located in the public GitHub repository for several months. As it became known to the publication 404 Media, the array contained codes, infrastructure schemes, internal passwords and other technical information.
Binance was able to get the data removed from GitHub only last week, using a request for deletion due to copyright infringement. However, up to this point, 404 Media and other users have managed to view the data. Despite the lack of public evidence that the data was used by hackers, it contained information that could be useful for hackers to compromise Binance's systems.
Screenshots of the data leak
In particular, one of the diagrams showed the relationship of various parts and dependencies of Binance. The array also contained many scripts and codes, some of which apparently related to the implementation of passwords and multi-factor authentication. The code comments were written in both English and Chinese.
Several files contained assumed passwords for systems designated as "prod", which probably means working systems. Several passwords appeared to correspond to AWS servers used by Binance.
The leaks were published on GitHub by an account called "Termf". It is unclear whether this was the action of an external party distributing the materials maliciously, or a Binance employee who accidentally uploaded them to GitHub.
404 Media first contacted Binance about the GitHub repository on January 5. At that time, a company representative stated that the company is aware that there is a person on the network claiming to have sensitive Binance information. The security service confirmed that the statement does not correspond to what the company has in production. Users can rest assured that their data and assets remain secure. However, by submitting a request for deletion due to copyright infringement, Binance has acknowledged that the data does contain Binance code.
An extremely sensitive array of data belonging to Binance has been located in the public GitHub repository for several months. As it became known to the publication 404 Media, the array contained codes, infrastructure schemes, internal passwords and other technical information.
Binance was able to get the data removed from GitHub only last week, using a request for deletion due to copyright infringement. However, up to this point, 404 Media and other users have managed to view the data. Despite the lack of public evidence that the data was used by hackers, it contained information that could be useful for hackers to compromise Binance's systems.
Screenshots of the data leak
In particular, one of the diagrams showed the relationship of various parts and dependencies of Binance. The array also contained many scripts and codes, some of which apparently related to the implementation of passwords and multi-factor authentication. The code comments were written in both English and Chinese.
Several files contained assumed passwords for systems designated as "prod", which probably means working systems. Several passwords appeared to correspond to AWS servers used by Binance.
The leaks were published on GitHub by an account called "Termf". It is unclear whether this was the action of an external party distributing the materials maliciously, or a Binance employee who accidentally uploaded them to GitHub.
404 Media first contacted Binance about the GitHub repository on January 5. At that time, a company representative stated that the company is aware that there is a person on the network claiming to have sensitive Binance information. The security service confirmed that the statement does not correspond to what the company has in production. Users can rest assured that their data and assets remain secure. However, by submitting a request for deletion due to copyright infringement, Binance has acknowledged that the data does contain Binance code.
