1 min read

Blockchain-powered e-commerce startup leaks personal information of 25,000 early investors

Filip TRUȚĂ

May 02, 2018

Blockchain-powered e-commerce startup leaks personal information of 25,000 early investors

A misconfigured MongoDB database has led to the leak of names, email and physical addresses, wallet information, encrypted passwords, and driver”s license and passport numbers of 25,000 early investors in Bezop. The leak deals a second security-related blow in months to the e-commerce startup, which hopes to give retail giant Amazon a run for its money by fashioning its business around digital currency.

Bezop is a decentralized blockchain-powered commerce platform, similar in some ways to Amazon, that hopes to be “the future of global trade,” according to its creators.

“No monthly fees, Build professional amazon-like stores and start accepting cryptocurrency in minutes,” reads a marketing tagline on the firm”s website.

The business is based on its own Bezop cryptocurrency, which trades under the name BEZ. Users are promised several sure-fire ways to generate profits, not just by selling goods in exchange for crypto coins, but also by participating in “mining” programs for an extra incentive.

However, things went awry for Bezop when researchers at Kromtech (a developer of popular macOS utilities) found a misconfigured MongoDB database that was showing the personal information of 25,000 Bezop investors in plain text – publicly, for anyone with access to the Internet to see.

When alerted to the breach in March, Bezop fixed the problem but made no public admission that it messed up so badly – if there”s one thing a startup needs like air, it”s the trust of its early backers.

Sadly for Bezop, it”s not the first time the company has made headlines for insecure handling of user data. As reported by hackread.com, only a few months ago the company sent usernames and passwords in cleartext format.

John McAffee (the founder of the security firm with the same name) sits on Bezop”s board of directors, but his expertise has apparently yet to rub off on the company he is backing.

tags


Author



Right now

Top posts

Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

July 16, 2021

3 min read
How to protect yourself against cyberstalking

How to protect yourself against cyberstalking

July 06, 2021

2 min read
The Top Five Security Risks Smartphone Users Face Today

The Top Five Security Risks Smartphone Users Face Today

July 02, 2021

4 min read
Phishing Alert: Scammers Use Fake SharePoint and DocuSign Messages to Steal Users’ Login Credentials

Phishing Alert: Scammers Use Fake SharePoint and DocuSign Messages to Steal Users’ Login Credentials

July 02, 2021

3 min read
Your Doxxing Dossier Will Keep Growing Thicker Until You See the Danger

Your Doxxing Dossier Will Keep Growing Thicker Until You See the Danger

June 30, 2021

2 min read
Mobile security threats: reality or myth?

Mobile security threats: reality or myth?

June 13, 2021

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Fraud Family cybercrime ring under the spotlight as arrests made in the Netherlands Fraud Family cybercrime ring under the spotlight as arrests made in the Netherlands
Graham CLULEY

July 23, 2021

3 min read
Homoglyph domains used in BEC scams shut down by Microsoft Homoglyph domains used in BEC scams shut down by Microsoft
Graham CLULEY

July 22, 2021

3 min read
China Sets Up New Worrying Vulnerability Disclosure Rules China Sets Up New Worrying Vulnerability Disclosure Rules
Silviu STAHIE

July 20, 2021

1 min read