Kromtech Security has detected a leak of confidential information from the database of investors of the cryptocurrency startup Bezop. The company said on 25 April 2018.
A vulnerability in MongoDB database opened hackers to access confidential information of more than 25,000 investors Bezop. Thus was disclosed the full names of, and information about wallets and even scanned photos of documents proving the identity.
In your account on Medium Bezop issued a statement in which it was reported that the problem was solved in January 2018. According to the report, the platform was subjected to a DDoS attack, during which a vulnerability was discovered. Derrick Jones (Deryck Jones), technical Director Bezop, said that all investors were notified about the data breach. He also noted that the safety database was restored. Cryptocurrency startup insists that any new message is just «old news».
Despite these assurances, a Twitter user claims to have seen compromised database online March 30 in a few months after her security was allegedly restored. It should be noted that the message Kromtech confirms the leak of information from the database.
Another point of controversy lies in the fact that the leak apparently had been organized deliberately. According to researchers Kromtech, the changes made in the Protocol of MongoDB do a random occurrence of such errors is impossible. This means that the database has been deliberately configured to access it from the outside.
John McAfee was one of the investors, details of which were disclosed in the result of vulnerability. On the website Bezop also notes that he is an Advisor to the startup. Previously, McAfee is touting the platform as a potential rival of Amazon in the e-Commerce market. In the recording Medium on Bezop it is noted that McAfee received a fee for the promotion of the platform. From McAfee about 800,000 Twitter followers and the cost to promote the ICO in his account is $ 105 000.