250k KYC documents at risk

Cybernews researchers have discovered a public AWS storage site that exposed sensitive user data of Nigerian crypto exchange Bitnob.

Nigerian crypto exchange Bitnob reportedly had over 250,000 Know Your Customer documents, including sensitive user data, exposed due to a misconfigured Amazon Web Services storage group.

An investigation uncovered by the Cybernews investigative team on November 6 revealed that the leak was first noticed on September 11. According to analysts, the leak included KYC documents such as government IDs, passports and driver’s licenses.

“Cybernews researchers identified the exposed hive as belonging to Bitnob, a fintech platform headquartered in Lagos, Nigeria.”

cyber news

Analysts stated that KYC documents are highly sought after on dark web markets and digital passport scans are sold for $15.

Bad actors target Bitnob’s users

Cybernews characterized the leak as “possible human error” and pointed to widespread misconfigurations as a possible cause. While Bitnob has since secured the data, the exchange has not released any statement regarding the incident. As of the date of publication, there has been no public comment regarding the breach.

Founded in 2020 by Adeolu Akinyemi, Bernard Parah and Usman Majeed, the Lagos-based crypto platform offers Bitcoin-based services such as transfers, savings and loans across Africa. Although the timing of the exposure remains unclear, Cybernews analysts believe “there is a high probability that threat actors have also found it.”

Leave a Reply

Your email address will not be published. Required fields are marked *