NCX, a leading cryptocurrency exchange, had more than five million user records leaked as a result of an unprotected MongoDB database, reports Cybernews.Included in the over 1 GB data trove were API keys, IP addresses, user-uploaded identity document links, transaction histories, wallet addresses, two-factor authentication codes, and hashed passwords. The Cybernews team said the database had been publicly accessible for months, leaving users at risk of identity theft, crypto wallet exploitation, and account takeovers.The data was stored in eight collections, with the largest containing over two million records. Several smaller collections revealed wallet and airdrop data, likely corresponding to active NCX users. The records appeared current, indicating ongoing system activity.Researchers reported the leak immediately and advised NCX to secure the database, conduct a forensic audit, rotate exposed keys, and notify users. They also urged users to withdraw funds and consider depositing these to a different platform or delete accounts and stay alert for suspicious activity while the data remains exposed.
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds




