Cryptocurrency exchange Binance has disputed the level of risk posed by sensitive internal data that was publicly accessible on code-sharing platform GitHub for several months.
On January 31st, cybersecurity news outlet 404 Media reported that leaked Binance files on GitHub included passwords, infrastructure diagrams, code snippets, and details related to user passwords and two-factor authentication.
The report notes that Binance successfully petitioned GitHub to scrub the files through a Jan. 24 copyright takedown request, where the exchange said the information “poses [a] significant risk” and was posted “without authorization.”
A Binance spokesperson explained that this information was outdated, posing a “negligible risk” to the safety of users or platform performance.
However, they claimed that the materials, including code samples and descriptions, were outdated and wouldn’t have been useful in the event of a potential hack.
The request sent to GitHub repeatedly shows the significant risk the leaked material represents and its potential to cause “severe financial harm” to Binance and confusion or harm to users.
While Binance maintains that immediate user security was not threatened in this case, questions may remain over whether its response and public communication have adequately addressed issues raised by the lapse in data control.
The exchange revealed it is pursuing legal options against the GitHub user who posted the leaked information. Some security experts argue more transparency and decisive internal action are warranted in reacting to such an incident.
