Binance says leaked passwords and site code that were viewable on GitHub for months before being taken down last week could cause “severe financial harm,” reports 404 Media.
The exchange, which recently saw its US arm booted from Alaska and Florida, appealed to GitHub and successfully had the leaked data taken down last week. In its takedown request, Binance said the upload wasn’t authorized and that the data posed a “significant risk to Binance,” may cause “severe financial harm,” and could confuse or harm its users.
404 Media saw the data before it was taken down, and claimed it could have been beneficial to hackers looking to compromise Binance’s systems.
The outlet claims the leaked data included:
- code relating to Binance’s implementation of passwords and multi-factor authentication;
- diagrams detailing the interlocking of Binance’s dependencies;
- supposed passwords for systems labeled “prod,” which 404 Media says may relate to the live site.
The leaks were shared by an account called ‘Termf’ and were reportedly viewable for months. When 404 Media questioned Binance on January 5, a spokesperson said, “We are aware that there’s an individual online claiming to have sensitive Binance information.”
The spokesperson said its security team assessed the data and found it did “not resemble what we currently have in production.” They added, “Users should rest assured that their data and assets remain safe on our platform.”
404 Media noted there is no evidence to suggest that the data was accessed or used by a malicious party. It is also unknown whether the data was leaked accidentally, or whether it was leaked by a Binance employee or by someone outside the company.