Late on Sunday, an alert appeared on X, suggesting that personal data of Binance customers was being sold on the Dark Web. The exchange was quick to deny the rumors. Whether or not the rumors are true, this is a good opportunity to remind you of a few security rules in the face of such an eventuality.
Binance responds to rumors of customer data leakage
Sunday late afternoon, the X otteroooo account posted a message indicating that personal data of Binance customers could be for sale on the Dark Web:
Binance users KYC data seems to be on sale on the dark web now
alleged github hack leak pic.twitter.com/SPjGQPsIlS
– otteroooo (@otteroooo) February 4, 2024
As the screenshot suggests, the author of the message on an unidentified forum is allegedly selling data from users who have completed their Know Your Customer (KYC) verification. If confirmed, this data would include addresses and telephone numbers.
A few hours after the message was published, Binance support responded directly below the post, categorically denying that any data had been leaked:
“Our security team assessed this – as they do all potential threats – and confirmed that there was no such leak in Binance systems. User accounts remain secure. Accounts are secured through numerous defenses […]. “
Whether it’s true or not, it’s nevertheless worth taking advantage of this rumor to make a few important security reminders.
What to make of this story?
While it’s difficult to confirm or deny otteroooo’s claims in the absence of more concrete information, it’s worth pointing out that it wouldn’t be in Binance’s interest to lie on such an important subject.
However, whether for this or any other platform, this is a likely scenario, and one that needs to be considered in one’s own risk management.
One of the signs that could betray a data leak would be a phishing email campaign, alleging a supposed problem with your account and inviting you to reset your password with the aim of stealing it from you and logging into your account.
It’s important to use a different password for each account. What’s more, you can enter an “anti-phishing code” on most exchanges, so that they remind you of this code when you send them emails to prove their authenticity.
If a hacker has his victim’s telephone number, a SIM swap attack can be envisaged. To guard against such a risk, we recommend 2-factor authentication using a physical verification key, such as those from Yubico, or a Ledger hardware wallet with the FIDO U2F application
Like many other platforms,
Binance integrates all these solutions and offers them to its customers in their security settings.
Finally, the safest thing to do is also to limit the amount of assets present on centralized exchanges, or at the very least to diversify where your cryptocurrencies are stored.
