Sensitive Binance Data Removed From GitHub

  • A cache of potentially damaging data from Binance has been removed from GitHub
  • The data is thought to have been leaked and uploaded around October last year
  • The exchange reassured users that the platform is not impacted

A cache of potentially damaging data from Binance has been removed from GitHub after having been hosted for around four months. The data, which included code, internal passwords, and infrastructure diagrams, was reportedly leaked around October 2023. The material, attributed to an account named “Termf,” was brought to light last week by 404 Media, which revealed that it included technical details and code snippets, some of which were related to Binance’s security measures.

Internal Passwords Included in Cache

404 Media revealed that the cache featured passwords and multi-factor authentication implementations. It also contained passwords associated with systems labeled “prod,” indicating their likely use in the live operational site rather than in development or testing environments. This information had been available on GitHub since at least January 5, prompting 404 Media to notify Binance about the breach.

In response to the security incident, Binance issued a copyright takedown request, confirming that the leaked material contained proprietary code belonging to the exchange. The takedown request highlighted Binance’s concern that the internal code posed a significant risk, potentially causing severe financial harm to the exchange and confusion or harm to its users. Following the request, GitHub removed the data from public access. 

Binance: Users Not Affected

A spokesperson for Binance acknowledged the leak and stated that its security team had “assessed this claim and confirmed that it does not resemble what we currently have in production.”

They added that “users should rest assured that their data and assets remain safe on our platform” and that the leaked information “posed negligible risk to the security of our users, their assets, or our platform.”