January 8, 2024.
Bit24.cash, an Iranian over-the-counter crypto exchange, has inadvertently exposed sensitive KYC data of nearly 230,000 users due to a misconfigured MinIO instance. The misconfiguration granted access to S3 buckets containing KYC information, including written consent, passports, IDs, and credit cards. Cybernews researchers emphasize the severe threat posed by compromised KYC data, as threat actors could exploit it for identity theft, fraudulent transactions, and phishing attacks. Bit24.cash denies the data breach claims, stating that their MinIO setup and cloud storage containers remain secure with no unauthorized access to sensitive user data. Users are encouraged to reach out to the platform’s support for reassurance.