- Leaks of user information only affect 4,000 customers
- The team solved this problem in almost 2 years
Chinese reporter citing White hacker Aaron Philips informedthat in 2021 almost all information about over-the-counter transactions from 2017 to 2021 was leaked from the Huobi cryptocurrency exchange on a large scale. At the same time, some information about clients, information about VIP users and their own technical infrastructure were made public.
Huobi said that the incident occurred on June 22, 2021 due to negligence on the part of employees in the test environment of the Japanese station. On October 8, 2022, drastic action was taken and all information intended for users was completely isolated. This incident was discovered by a white hat team, and Huobi employees immediately responded to it on June 21, 2023 (10 days ago) by closing the relevant file access. The vulnerability has been fixed and all user data has been removed.
Subsequently, Huobi updated the information. They noted that the transaction data that was mentioned in the article is test data and not real. The user information leaks only concern 4,000 users, and the log shows that the data access was only downloaded by the “white hat” who claimed to have deleted the information. Thus, no data leak actually occurred.
The “white hat” itself also concluded regarding this situation:
“Unfortunately, in the case of Huobi, it is difficult to conclude that they are doing their job effectively. Leaking their credentials is a serious breach, but what’s worse is that it took months to respond to this case, and even after that, Huobi decided to leave the credentials online. On the other hand, the exchange previously had a reputation for being one of the safest. However, this breach jeopardizes that reputation. I have destroyed all personal information and confidential information related to this breach.”