Binance Leak Exposes Code, Internal Passwords on GitHub for Months

• Sensitive Binance data, including code and internal passwords, leaked on GitHub for months.
• Leaked info reportedly contained details on security measures like passwords and multi-factor authentication.
• Binance claims the leak posed “negligible risk” and information was outdated while requesting takedown to protect IP and user concerns.

A data leak has hit cryptocurrency exchange Binance, with sensitive information including code and internal passwords exposed on GitHub for months.

The leaked material, discovered by cybersecurity researchers at 404 Media, reportedly contained various confidential details, raising concerns about potential security vulnerabilities.

‘Termf’ and the Initial Discovery

The leaked data, uploaded by “Termf,” included code, infrastructure diagrams, and internal passwords. Some code involved Binance’s security measures, exposing sensitive aspects of password and multi-factor authentication (MFA) systems. The leaked passwords included “prod” systems, suggesting they were used in the live exchange environment, not for development or testing.

“We are aware that there’s an individual online claiming to have sensitive Binance information.”

Binance

Following the discovery, Binance filed a copyright takedown request with GitHub, confirming the authenticity of the leaked data. The leaked material was removed last week.

Binance Confirms Leak, Downplays Risk

Binance emphasized the “significant risk” posed by the leak, including potential financial harm and user confusion.

However, Binance maintains that the leaked information was “very outdated” and did not resemble their current systems. They claim the leak posed “negligible risk” to user security and assets, arguing the information was too old to be usable by malicious actors. They stated that the request aimed to protect both their intellectual property and alleviate user concerns arising from the leak.

Binance downplays the immediate risk, the leak raises questions about their internal security protocols and potential vulnerabilities. Users are advised to remain vigilant and consider changing their passwords on the platform as a precautionary measure.