- Binance exchange has announced that the exposed data on GitHub is outdated and posed minimal risks. Hence, no security breach.
Binance, a prominent cryptocurrency exchange, has rebuffed allegations made in a recent report asserting that a “highly sensitive” trove of internal passwords and code had been publicly accessible on GitHub for an extended period.
The exchange contends that the code in question was outdated and posed minimal risks.
The report, published on January 31 by 404 Media, disclosed the existence of a cache encompassing “code, infrastructure diagrams, internal passwords, and other technical information.”
This cache included sensitive details regarding the exchange’s password management and multi-factor authentication processes.
Binance acted swiftly, filing a copyright takedown request with GitHub on January 24, citing the information as a “significant risk” that had been posted “without authorization.”
A spokesperson for Binance informed Cointelegraph that the individual responsible for uploading the data had shared exceedingly outdated information on GitHub.
Their security team had confirmed that the cache did not reflect their current operational procedures.
Consequently, Binance asserted that this outdated information “posed negligible risk to the security of our users, their assets, or our platform.”
The exchange argued that it was so obsolete that it would be unusable by any third parties or malicious actors.
In a bid to safeguard its intellectual property, both past and present, and mitigate any potential confusion or unwarranted concerns arising from the exposure of private data, Binance initiated the takedown request with GitHub.
Furthermore, they are pursuing legal action against the individual responsible for the unauthorized upload.
However, it is noteworthy that Binance’s takedown request to GitHub repeatedly characterized the exposed information as “our client’s internal code, which poses a significant risk to Binance and causes severe financial harm to Binance and user’s confusion/harm.”
Despite these actions, Binance has refrained from offering additional comments or responses to inquiries pertaining to this matter.