Bitnob crypto exchange data breach: 250k KYC documents at risk

Cybernews researchers discovered a public AWS storage bucket exposing sensitive user data from Nigerian crypto exchange Bitnob.

Nigerian crypto exchange Bitnob reportedly exposed over 250,000 Know Your Customer documents, including sensitive user data, due to a misconfigured Amazon Web Services storage bucket.

An investigation revealed by the Cybernews research team on Nov. 6, discovered that the leak was first discovered on Sept. 11. Per the analysts, the leak contained KYC documents such as government IDs, passports, and driver’s licenses.

“Cybernews researchers have identified that the exposed bucket belongs to Bitnob, a fintech platform headquartered in Lagos, Nigeria.”

Cybernews

The analysts noted that KYC documents are highly sought after on dark web marketplaces, with digital passport scans selling for $15.

Bad actors target Bitnob’s users

Cybernews attributed the leak to “likely human error,” pointing to common misconfigurations as a potential cause. While Bitnob has since secured the data, the exchange has not released any statements regarding the incident. As of press time, no public comments have been made about the breach.

Founded in 2020 by Adeolu Akinyemi, Bernard Parah, and Usman Majeed, the Lagos-based crypto platform offers Bitcoin-based services such as transfers, savings, and loans across Africa. Although the duration of the exposure remains unclear, Cybernews analysts believe “it’s likely that threat actors have found it, too.”