Kromtech Security has revealed a database open to the public which contains confidential information for over 25,000 investors of the newly created Bezop cryptocurrency.
The sensitive information include full names, addresses, email addresses, encrypted passwords, wallet information, along with links to scanned passports, driver's licenses, and other Ids.
The information was found within a MongoDB database without any security.
It's worth mentioning that John Mcafee is among the advisers of the board for Bezop. In a recent tweet he described Bezop as “a distributed version of Amazon.com”, saying that “it could be as huge as it gets in the blockchain world.”
Bezop posted an announcement stating that the platform had suffered a DDoS attack which had exposed some unsecured databases on the platform, but the issue had been resolved since January 2018:
“In the interest of full disclosure, John McAfee, coinmarketcap, Facebook and all other Bezop promoters were all paid for the promotion of Bezop; this includes media buys, tweets, promoted posts and articles. These funds were both taken from Bezops marketing budget and some investments put forward by the team before the token sale. All Bezop members received a fraction of cryptocurrency for their services and Bezop tokens held in until the end of six months from the closure of the ICO.”
It's noteworthy that, according to Kromtech, the base may have been deliberately configured to be public.
“In fact, it's a little difficult to grasp how it could happen, even if by mistake. Given the changes to MongoDB, it would have to have been deliberately configured to be public, a configuration which should not even be risked internally, ” Kromtech's researchers state.
By Jade Olafson