Binance Code and Internal Passwords Exposed on GitHub for Months
Open link in next tab
Binance Code and Internal Passwords Exposed on GitHub for Months
https://www.404media.co/binance-internal-code-and-passwords-exposed-on-github-for-months/
A takedown request said the GitHub account was “hosting and distributing leaks of internal code which poses significant risk to BINANCE.”
Comment
I hope nobody loses their shirt over this.
Summary
- Sensitive data exposed: Internal code, infrastructure diagrams, passwords, and other technical information were publicly accessible on GitHub for months.
- Source unclear: Unclear if an outside hacker or Binance employee accidentally uploaded the data.
- Potential risk: Information could be used by attackers to compromise Binance systems, though Binance claims "negligible risk".
- Data details: Included code related to passwords and multi-factor authentication, diagrams of internal infrastructure, and apparent production system passwords.
- Binance response: Initially downplayed the leak, later acknowledged data was theirs but downplayed risk.
- Current status: Data removed from GitHub via copyright takedown request.
- Unclear if any malicious actors accessed the data.