This incident occurred due to a misconfigured Amazon Web Services (AWS) storage bucket, leading to the leak of over 250,000 Authentication Authentication (KYC) documents.

The leaked data contained users’ highly sensitive personal information, such as government IDs, passports and driver’s licenses. Such documents have become valuable commodities, especially on darknet markets, and digital passport scans can sell for as much as $15.

Research conducted by Cybernews shows that the leaked data was first noticed on September 11, 2024. The source of the leak was identified as a misconfigured AWS storage bucket.

AWS is a platform that provides big data storage and cloud services worldwide, and such configuration errors can lead to massive data breaches.

KYC documents are documents required by financial services providers to verify customers’ identities, and such data is often used by cybercriminals for identity theft and fraud.

Although it was stated that Bitnob secured the data and the security gap was closed, the exchange did not make any public statement about the incident. Beyond putting users’ personal information at risk, such data leaks create security concerns and undermine trust in the platform.

In particular, leaking KYC data makes it easier for this information to be used for malicious purposes such as money laundering, identity theft and fraud.

Analysts note that such data is bought and sold at high prices on online markets, posing serious threats to users.

Cybernews assessed the cause of the leak as “possible human error.” Buying and selling KYC documents has become a very common activity on the dark web, and digital passport scans can be sold at a low price, making such leaks even more critical.

Although it is not clear exactly how long the leaked data remained open, researchers think that malicious actors may have used the data before the leak was detected.

Bitnob is a Nigeria-based crypto platform founded in 2020 by Adeolu Akinyemi, Bernard Parah and Usman Majeed. The exchange offers Bitcoin-based financial services across Africa, including money transfers, savings and credit facilities.

While Bitnob stands out as an important platform to contribute to the development of digital financial services in Africa, such security breaches can seriously damage the platform’s reputation and user trust.

These types of data breaches are a major problem facing not only Bitnob but the entire crypto industry. It is essential for crypto exchanges to increase security measures and establish more robust systems to protect user data.

Moreover, it is clear that more transparent and effective regulations must be put in place to prevent such leaks.