Major cryptocurrency exchange Huobi has successfully addressed a significant data breach that posed a threat to user assets and sensitive information. A white hat hacker discovered the breach, which occurred in the summer of 2021 when Huobi inadvertently shared a file containing AWS credentials. According to media reports, Huobi has now rectified the issue, protecting its users from potential risks, although it took some time to confirm that the breach had been fixed.
The breach, if exploited, could have had severe consequences, including the theft of user accounts and assets, the spread of malware, and the potential disruption of Huobi’s operations.
For a period of two years, every user logging into a Huobi website or app was potentially at risk. However, the exchange has taken prompt action to resolve the situation, ensuring the safety of its users’ accounts and funds.
Citizen journalist Aaron Phillips played a pivotal role in bringing this breach to light. It took Phillips an entire year to persuade Huobi to acknowledge the breach and take the necessary steps to rectify it. His vigilance and dedication have contributed significantly to the security of Huobi’s platform and the protection of user assets.
The breach revealed some concerning information, including the leaked identity and contact details of approximately 4,960 users who held substantial amounts of cryptocurrency. It appears that Huobi maintained customer relationship management files on these individuals, categorizing them based on their market-moving power. While the breach exposed this information, it is crucial to note that Huobi has addressed the issue, mitigating any potential harm to affected users.
The breach also resulted in the leak of over-the-counter (OTC) trading data from 2017 onwards. Detailed information, including user accounts, transaction details, and traders’ IP addresses, was inadvertently made accessible through a 2TB downloadable file. Huobi has taken steps to ensure the privacy and security of its users by addressing this specific concern.