How Does a Crypto Exchange Leak Support Ticket Data So Easily?

Reading Time: 2 minutes
  • A Turkish exchange has been leaking data from support tickets
  • Virtually no tech experience was needed to view the data that was being leaked
  • It’s still not known how many people accessed the leaked data and have abused it so far

In case you missed it, last week a Turkish exchange was warned about a security issue with its helpdesk platform. The issue meant that any user with a ticket could see all the data from all other tickets that were currently open. Now, this exchange claims to put security first and be at the forefront of security, but this alarming revelation suggests otherwise.

But, how does an error of this magnitude occur during this day and age? Let’s take a look at what happened.

Sensitive Data Leaked Via the Socket

The Turkish exchange under the microscope is Bitexlive, and unless you’re into using Turkish exchanges, then we’re pretty sure you will never have heard about this exchange. What was happening is that important data about all support tickets was being leaked via the socket. Anyone with minimal technical experience could see ticket creation date, name of the ticket creator, the email address of the ticket creator, information such as telegram handle and, most worryingly, the full text of the ticket.

All of this data can be used in phishing campaigns to make emails seem very realistic, even including specifics that a user had included in a ticket, meaning these emails would have a higher chance of success.

But, if a user was using the ticket system to deal with a KYC issue, then potentially anyone that took this data could have taken everything needed to complete KYC at any exchange in the world – how scary is that!

An Unknown Length of Time

After CyberNews reported the issue to Bitexlive, the issue was patched rather quickly, but the team at CyberNews never heard back. So, let’s presume this bug has been around for just a month. That’s a whole month worth of tickets that have been exposed in plain text to the world.

But, what if it has been there for longer? This vulnerability could have been exploited hundreds or thousands of times without anyone knowing at all. This is by far the scariest part. This is exactly what happens when exchanges rush to go live and don’t fully test their code.

Why are We Using Centralized Exchanges?

Centralized exchanges such as Bitexlive are treading on some very thin ice at the moment. With data leaks, hacks and much more happening, more and more people are swapping from centralized exchanges over to swap exchanges like changeangel and other decentralized exchanges.

The best way to ensure your crypto and your identity is as safe as possible, you need to stop using centralized exchanges – they’re totally unsecure and untrustworthy!