Data Security

Millions of user records exposed by misconfigured NCX database

concept of leaky software, data with a tap sticking out.3d illustration

NCX, a leading cryptocurrency exchange, had more than five million user records leaked as a result of an unprotected MongoDB database, reports Cybernews.

Included in the over 1 GB data trove were API keys, IP addresses, user-uploaded identity document links, transaction histories, wallet addresses, two-factor authentication codes, and hashed passwords. The Cybernews team said the database had been publicly accessible for months, leaving users at risk of identity theft, crypto wallet exploitation, and account takeovers.

The data was stored in eight collections, with the largest containing over two million records. Several smaller collections revealed wallet and airdrop data, likely corresponding to active NCX users. The records appeared current, indicating ongoing system activity.

Researchers reported the leak immediately and advised NCX to secure the database, conduct a forensic audit, rotate exposed keys, and notify users. They also urged users to withdraw funds and consider depositing these to a different platform or delete accounts and stay alert for suspicious activity while the data remains exposed.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds