Crypto exchange leaks every user’s support ticket to every other user

by Bernard Meyer
9 October 2020
in Security

CyberNews recently discovered a bug affecting the cryptocurrency exchange platform Bitexlive in which support tickets were exposed to every visitor of the site via the socket. This data can be mundane or extremely sensitive, depending on the type of information being communicated between the customer and the customer support agents. 

CyberNews contacted Bitexlive via Telegram on September 28 to disclose the issue and help them resolve it. Although we have received no communication in return, the issue seems to have been fixed after we informed them. 

A request for comment was not returned by the time of publishing.

What data is being leaked?

The leaked data relates to support tickets, all of which could be viewed by any visitor of the site via the Bitexlive socket. When a Bitexlive user has some issue with the site, whether it’s serious or mundane, they will contact customer support and open what’s known as a support ticket — basically a summary of the situation and a request for help. With this data leak, every user on Bitexlive can see other users’ support tickets.

The leaked data includes:

  • the time of request 
  • name of the ticket creator 
  • email of the ticket creator
  • extra information, like Telegram handle or addresses
  • full text of the ticket
  • image locations (if attached)

Needless to say, most of the data being leaked is already sensitive. The greatest concern, however, is the “full text of the ticket,” which can contain very sensitive information depending on the type of problem being discussed with customer support.

This can also include KYC, or Know Your Customer, data required by many cryptocurrency exchanges, which includes official identification documents like passports, driver’s licenses, and national IDs.

Below is a sample of the kind of data that we were able to see:

The data was being sent to every visitor of Bitexlive, so anyone with minimal technical knowledge could view this data.
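The bug class described above, a socket event fanned out to every connection instead of to authorized sessions, is shown below as an added example; it is not Bitexlive's code or anything CyberNews published. The in-memory `Hub`, the session shape, the role names and the sample ticket are all hypothetical and constructed for illustration.

```javascript
// Added illustration, not Bitexlive's code: an in-memory stand-in for a
// socket server. Hub, the session shape and the role names are hypothetical.
class Hub {
  constructor() { this.clients = []; }
  // `session` is what the server itself established at handshake time
  // (null for an anonymous visitor); it is never taken from a client message.
  connect(label, session) {
    const client = { label, session, inbox: [] };
    this.clients.push(client);
    return client;
  }
}

// Flawed pattern: every open socket receives the full ticket.
function publishBroadcast(hub, ticket) {
  for (const c of hub.clients) c.inbox.push({ event: 'ticket', data: ticket });
}

// Server-side authorization, evaluated per recipient.
function canSeeTicket(session, ticket) {
  if (!session || !session.userId) return false;   // anonymous visitor
  if (session.role === 'support') return true;     // authenticated support staff
  return session.userId === ticket.ownerId;        // the ticket's creator
}

// Scoped pattern: the same event, delivered only to authorized sessions.
function publishScoped(hub, ticket) {
  for (const c of hub.clients) {
    if (canSeeTicket(c.session, ticket)) c.inbox.push({ event: 'ticket', data: ticket });
  }
}

// Constructed sample data mirroring the fields listed in the article.
function recipientsOf(publish) {
  const hub = new Hub();
  hub.connect('owner', { userId: 'u1', role: 'customer' });
  hub.connect('other-customer', { userId: 'u2', role: 'customer' });
  hub.connect('visitor', null);
  hub.connect('agent', { userId: 's9', role: 'support' });
  publish(hub, { ownerId: 'u1', time: '2020-01-01T10:00:00Z', name: 'Alice Example',
    email: 'alice@example.test', extra: '@alice_example', text: 'Withdrawal stuck',
    images: ['/uploads/placeholder.png'] });
  return hub.clients.filter(c => c.inbox.length > 0).map(c => c.label);
}

console.log('broadcast:', recipientsOf(publishBroadcast).join(', '));
console.log('scoped:   ', recipientsOf(publishScoped).join(', '));
```

Filtering in the browser after the message arrives does not help, because the payload has already left the server; the recipient check has to run before the send.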

Who is the company behind the vulnerability?

Bitexlive is a cryptocurrency exchange platform that is based in Turkey. Besides claiming the usual 24/7 support, secure storage and two-factor authentication, their website also claims that they put “Security First.”

However, while the vulnerability we discovered was not critical, it still reflects poorly on a financial services provider. Unfortunately, while Bitexlive seems to have used our vulnerability disclosure to patch their issue, they responded to neither our initial disclosure nor any of our follow-up requests for comment.

According to CoinGecko, Bitexlive has a daily trading volume of about $19 million, and has a trust score of 4/10.

What’s the impact of the vulnerability?

At the moment, with the limited knowledge that we have of the situation due to Bitexlive’s lack of communication, it is unknown exactly how long the vulnerability existed and how many people may have accessed this information.

Nonetheless, the kind of information that was exposed can be used for targeted phishing campaigns against Bitexlive users. Depending on the type of information that was being shared in these private support tickets, victims can potentially have their KYC data leaked.

With that, cybercriminals can commit identity theft on these victims, possibly taking out loans or credit cards in their names, or even using the information for social engineering and other purposes.

Next steps

If you are or have been a user of Bitexlive, there’s a chance that your data has been exposed. Therefore, we recommend you:

  1. Review your messages with Bitexlive support in your mailbox to see if you’ve shared sensitive information
  2. Set up identity theft monitoring to make sure your finances are safe
  3. Keep an eye out for phishing or other suspicious emails or messages, and avoid clicking on links from suspicious emails