‘Bitexlive’ Exposed Sensitive User Information to Site Visitors

By Bill Toulas / October 10, 2020

Researchers from the CyberNews team have discovered a serious blunder on the Turkish cryptocurrency exchange platform ‘Bitexlive.’ Due to a configuration error, user support tickets were exposed to every visitor of the site via the socket, so depending on what the users exchanged with the support agents of the platform, the exposure level and severity varies. In most cases, though, the support tickets concern sensitive information that could be used to compromise the users.

Bitexlive offers 24/7 support, two-factor authentication, and secure storage, but the bug that CyberNews investigators found should be trivial for the website’s operators to discover and fix. When informed about it by the publication, they quickly proceeded to fix it, but never answered to the researchers to thank them or assure them that the userbase would be notified of what happened. This just adds another reason not to trust the platform, as the lack of transparency combined with a lack of security is a dangerous mix.

By looking at data samples, the researchers found the following things:

  1. The time of request
  2. Name of the ticket creator
  3. Email of the ticket creator
  4. Extra information, like Telegram handle or addresses
  5. Full text of the ticket
  6. Image locations (if attached)
Source: CyberNews

Of all the above, the “full text of the ticket” is the worst kind, as this is where highly sensitive PII and documents may be shared as “Know Your Customer” and identity validation proof. There, one could potentially find passports, national IDs, and driver’s licenses.

According to ‘CoinGecko,’ the daily trading volume on Bitexlive is estimated to about $19 million, so this is not a minor platform we’re talking about. Also, accessing the exposed data wouldn’t require amazing hacking skills, but only minimal technical data.

Thus, if you are a user of Bitexlive, you are advised to do the following:

Read More:

For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: Chrome, Edge, Firefox, Safari