Comment

I hope nobody loses their shirt over this.

Summary

  • Sensitive data exposed: Internal code, infrastructure diagrams, passwords, and other technical information were publicly accessible on GitHub for months.
  • Source unclear: Unclear if an outside hacker or Binance employee accidentally uploaded the data.
  • Potential risk: Information could be used by attackers to compromise Binance systems, though Binance claims “negligible risk”.
  • Data details: Included code related to passwords and multi-factor authentication, diagrams of internal infrastructure, and apparent production system passwords.
  • Binance response: Initially downplayed the leak, later acknowledged data was theirs but downplayed risk.
  • Current status: Data removed from GitHub via copyright takedown request.
  • Unclear if any malicious actors accessed the data.
  • shortwavesurfer
    link
    fedilink
    English
    arrow-up
    8
    ·
    11 months ago

    Again, centralized exchanges are like public toilets. Get in, do your business, and get the fuck out. This is a good argument against KYC as well, since if they don’t have data, they can’t leak data.