How KYC data gets exposed through shoddy web-design
5 April 2019 10:42 AM GMT
An ICO has accidentally made 15,000 KYC documents visible to all.
- Harry Denley, a security analyst at open source crypto startup MyCrypto, was investigating a US-based crypto startup (unnamed) that a colleague had alerted him to.
- Amid these documents Denley saw "uniformed personnel holding their identity cards, driver's licenses for various countries, documents containing fingerprint data for various countries, People's Republic of Bangladesh national ID cards, more ID cards titled 'Government of India,' Italian passports, Russian Federation passports, Ukrainian passports, Algerian passports, Republic of Korea passports, Socialist Republic of Vietnam passports, Venezuelan passports…" The list goes on.
- If passed to the wrong hands and combined with other data, people can use these to damage you in various ways: they can steal your identity, steal your money, destroy your credit rating, destroy your reputation, and cause major problems in your life," he wrote.
- Earlier this year, Decrypt  reported on a hacker who claimed to have obtained a stash of such documents from major exchanges including Binance and Kraken.
- Says Denley: "Back when ICOs were the 'thing,' bad actors could spin up a website, make a bitcointalk thread, push google ads, and advertise their "promises" to quickly grab funds and/or KYC documents.
Next Story
