Decentralized privacy platform Aleo was hit by a data breach that potentially exposed some users’ confidential information, according to reports on February 25th.
Several users tweeted that Aleo had mistakenly sent them other users’ Know Your Customer (KYC) documents, including ID photos and selfies, when they signed up for rewards programs.
Aleo requires users to complete KYC verification through third-party service HackerOne when claiming rewards, in order to comply with anti-money laundering regulations. However, this process apparently resulted in sensitive documents being shared with unintended recipients.
Aleo focuses on advanced zero-knowledge cryptography to enable private transactions, so this failure to protect user data seems ironic. As one expert noted, “a protocol for programmable privacy” should never allow access to plaintext user information in this manner.