Huobi, a leading cryptocurrency exchange, has resolved a significant data breach that resulted in the exposure of contact details for 4,960 users.
The breach occurred on Huobi’s Japanese AWS site on June 22, 2021, due to improper operations in the testing environment. A white hat hacker notified Huobi about the issue in June 2022, but there was a slight delay in addressing the problem.
According to the report, the breach involved the exposure of credentials that allowed write privileges to Huobi’s AWS S3 buckets. These buckets were linked to all of Huobi’s login pages, potentially impacting every Huobi user in the past two years.
The exposed data included user contact details, account balances, information about “crypto whales,” and over-the-counter (OTC) trade data.
Huobi, which facilitates over $10 billion in monthly trading volume, emphasized that no user accounts or funds were compromised during the breach. On June 20, the company promptly secured and deleted the compromised account and cloud storage. There is no evidence to suggest that the breach was used for any malicious activities.
While the breach had the potential to be severe, Huobi’s response effectively safeguarded the exposed cloud storage, underscoring the importance of robust security measures in the digital currency industry.
Compiled by Coinbold
