Binance has recently experienced a security lapse with leaked passwords and site code that were reportedly accessible on GitHub for an extended period before being taken down last week. The incident raises concerns about potential risks to user data and the security of Binance’s systems.
According to reports, the leaked data, which included code related to Binance’s implementation of passwords and multi-factor authentication, as well as diagrams detailing the interlocking of Binance’s dependencies, was shared by an account named ‘Termf.’ The leaked information was viewable on GitHub for months before Binance successfully appealed to GitHub for its removal.
Binance and Github Actions
Binance, in its takedown request, emphasized that the upload was unauthorized and posed a significant risk to the exchange, potentially causing severe financial harm and confusion or harm to its users. The leaked data also purportedly contained passwords for systems labeled “prod,” which may be associated with the live site.
While the data was accessible, there is no evidence to suggest that it was accessed or used by malicious actors. Binance’s security team assessed the data and stated that it did not resemble their current production data, reassuring users that their data and assets remain safe on the platform.
The security lapse comes at a time when Binance has faced other challenges, including the removal of its US arm from Alaska and Florida. The exposure of sensitive information on GitHub raises questions about the effectiveness of security measures in place and the potential vulnerabilities that could be exploited by hackers.
As investigations continue, it remains uncertain whether the data leak was accidental or intentional, and whether it involved internal or external actors just like what happened with Bit24. Binance users are advised to remain vigilant, and the exchange has reaffirmed its commitment to addressing security concerns and ensuring the safety of user assets.