(CTN News) – Binance has leaked sensitive material, including code and internal passwords, on GitHub. This information had been publicly available for several months before discovery.
A user named “Termf” posted material that included code, infrastructure diagrams, internal passwords, and other technical information, according to 404 Media. Binance’s implementation of security measures, including multi-factor authentication (MFA) and passwords, is reportedly described in some code available on the website.
In addition, passwords appeared to have been included for systems marked “prod,” which were likely to have been used for the live site rather than for development and demonstration purposes.
In response to Binance’s copyright takedown request last week, the data was removed from GitHub. It is known that the material has been available to view since at least January 5, when 404 Media contacted the exchange regarding the leaks.
In its copyright takedown request, Binance said the leak involved internal code that posed “significant risks for Binance and caused severe financial harm for the company, as well as confusion and harm to users.”
A statement from stated that the company was aware of the leak, that their security team assessed the claim, and that it had “commented on what we currently have in production and determined that it does not match the claim.”
As Binance explained further, the leaked information “posed negligible risks to the security of our users, their assets, and the platform,” stating that “users should rest assured that their data and assets remain safe on our platform.”..”