Data Breach Leaves Bezop ICO Participants Exposed

Data Breach Leaves Bezop ICO Participants Exposed

An unsecured database containing the sensitive private data of over 25,000 investors in the Bezop Network ICO was recently discovered, cybersecurity firm Kromtech said in a recent report.

Also see: Request Network, Wikimedia Foundation Team Up on Donations

Join the Bitsonline Telegram channel to get the latest Bitcoin, cryptocurrency, and tech news updates:

Unsecured Database Found by Cybersecurity Firm

A MongoDB database containing “full names, addresses, email addresses, encrypted passwords, wallet information, along with links to scanned passports, driver’s licenses, and other IDs” of participants in the Bezop ICO was left online without any security, leaving it open to the public, according to a report by cybersecurity firm Kromtech.

UK-based Bezop held an ICO in December 2017 to fund their Ethereum-based decentralized eCommerce platform. The token sale for their cryptocurrency BEZ was promoted by John McAfee, who later became an advisor to the project.

On April 11th, Kromtech researcher Bob Diachenko contacted Bezop on Twitter, notifying them of the unsecured database:

Subsequently, Bezop made a public announcement on their blog on April 24th, notifying their community of Kromtech’s upcoming report, stating that the compromised “database has since been closed and secured.” The next day, Kromtech published a report of their findings.

The report stated that a table in the database was named “Bounty”, indicating that the information was for those who had participated in Bezop’s bounty program. However, it appears the startup’s data problems went beyond bounty participants and included other ICO investors, with issues beginning around the time Bezop was promoted by John McAfee.

On January 8th, Bezop sent an email to investors in the ICO notifying them that there had been security threats which could have compromised their personal data that they had since resolved:

“This email is to inform all our investors of a recent security threat. Earlier Today, We were DDOS’ed . while cloudflare’s network helped greatly, This battle isnt over. We have now been alerted by a top ‘whitehat hacker’ who found worrying loopholes that can lead to more ddos or worse expose user information. These issues have now been resolved. We urge everyone to quickly go to our app right away and request a password reset. Note : While Trying to reset , Be aware that Your email is case sensitive. Thanks in advance. Bezop Team”

Bezop’s Troubled ICO Process

According to sources, the compromised database was secured “within 24 hours or less” of the original breach. They also tweeted a similar message:

Kromtech’s Diachenko told Bitsonline that the database was taken down shortly after he contacted Bezop on Twitter, indicating it could still have been under their control. However, Diachenko’s tweet was public and could have been seen by hackers who held the database, and who subsequently took it down themselves. It would have been truly poor security practice had Bezop left their investors’ personal information unsecured on the internet for three months after knowing about the initial breach.Bezop security lapse

Data security wasn’t the first issue to strike the Bezop ICO. In response to scores of complaints from investors and bounty program participants, they issued a statement in which they announced “We clearly got caught with our pants down around our ankles during the ICO. What you need to understand is that we were a very small company at the time with very limited resources.”

This latest setback shows that the risks of investing in ICOs, even those endorsed by McAfee, pertain not only to losing money. It is also possible that ICO organizers can mishandle their investors’ private data, leaving them open to identity theft and a loss of privacy.

Shout out in the comments section below. What do you think of Bezop’s handling of the situation?

Images via Pxhere, Pixabay


Spread the love

Related posts

Leave a Comment