Crypto Exchange Huobi remedies Data Breach
Take action: When you delay remedying leaked cloud credentials for 2 years after responsible disclosure, it's not an incident. It's negligence.
Learn More
Cryptocurrency exchange Huobi has acknowledged a significant data breach where the contact details of 4,960 users were leaked.
The breach occurred due to operational issues in the testing environment of Huobi's Japanese AWS site on June 22, 2021. Although a white hat hacker notified Huobi about the issue in June 2022, there was a massive delay in responding to rectify the problem.
The breach involved the exposure of credentials that granted write privileges to Huobi's AWS S3 buckets, which were connected to all of Huobi's login pages.
This breach had the potential to impact all Huobi users over the past two years.
The compromised data include
- user contact details,
- account balances,
- information on 'crypto whales,'
- over-the-counter trade data.
Huobi, which handles a monthly trading volume of over $10 billion, emphasized that no user accounts or funds were compromised during the breach. On June 20, the company deleted and secured the compromised account and cloud storage. There is no evidence to suggest that the breach was utilized for any malicious attacks.
