Cryptocurrency exchange Huobi has taken steps to address a significant data breach that resulted in the exposure of contact details for 4,960 users. The breach was caused by improper operations in the testing environment of Huobi’s Japanese AWS site in June 2021, with a white hat hacker alerting the company about the issue a year later. However, there was some delay in responding to rectify the problem.
The breach involved the unauthorized access of credentials granting write privileges to Huobi’s AWS S3 buckets, which were linked to all of the exchange’s login pages. As a result, the breach had the potential to affect all Huobi users over the past two years. The exposed data included user contact details, account balances, information on ‘crypto whales,’ and over-the-counter trade data.
Huobi, which handles over $10 billion in monthly trading volume, has emphasized that no user accounts or funds were compromised during the breach. The company acted swiftly by deleting and securing the compromised account and cloud storage on June 20. There is no evidence to suggest that the breach was used for any malicious purposes.
While the breach had the potential to be severe, Huobi’s prompt response helped secure the exposed cloud storage, underscoring the importance of robust security measures in the digital currency industry. The incident serves as a reminder to cryptocurrency exchanges and users alike to prioritize the implementation of strong security protocols to safeguard sensitive information.
