Cryptocurrency platform FTX Japan had personal and financial information from 35,668 users inadvertently exposed by an unsecured Amazon S3 bucket more than a year after its shutdown, Cybernews reports.
More than 26 million files including financial reports, transaction logs, and user details, such as names and usernames, FTX account IDs, as recent as July 4, 2024 were included in the exposed bucket, which is believed to have continued collecting data following the end of FTX Japan's customer withdrawal obligations in early 2023. FTX Japan has since been purchased and renamed by cryptocurrency exchange bitFlyer into Custodiem. "It is unclear whether the discovered leak belongs to the actively used Custodiem infrastructure, or is an abandoned, unmodified artifact remaining after the FTX collapse. Therefore, it's also not clear if the personal data belongs to the users of Custodiem, or if the data belongs to customers of FTX Japan, who may have refused to transfer to Custodiem after the collapse," noted the Cybernews research team.
More than 26 million files including financial reports, transaction logs, and user details, such as names and usernames, FTX account IDs, as recent as July 4, 2024 were included in the exposed bucket, which is believed to have continued collecting data following the end of FTX Japan's customer withdrawal obligations in early 2023. FTX Japan has since been purchased and renamed by cryptocurrency exchange bitFlyer into Custodiem. "It is unclear whether the discovered leak belongs to the actively used Custodiem infrastructure, or is an abandoned, unmodified artifact remaining after the FTX collapse. Therefore, it's also not clear if the personal data belongs to the users of Custodiem, or if the data belongs to customers of FTX Japan, who may have refused to transfer to Custodiem after the collapse," noted the Cybernews research team.




