Cryptocurrency exchange krexbit.com reported a leak of customer data that occurred on November 13.
According to krexbit.com CEO Mike Kayamori, the hosting provider handed over the management of the exchange’s account and domain to the attacker.
Thanks to this, the latter was able to change DNS records and control a number of internal email accounts, and then “partially compromise” the infrastructure and gain access to the document storage.
The CEO of krexbit.com claims that the team was able to contain the attack in time. Assets and cryptocurrency vaults, according to him, are not compromised.
The attacker was allegedly able to gain access to personal data of customers, including email addresses, names, passwords and residential address.
Whether he got access to the documents uploaded during the KYC procedure, krexbit.com has not yet established.
Representatives of the exchange urged all users to change their passwords and install 2FA as soon as possible.
Earlier this year, the manufacturer of hardware wallets Ledger reported about the leak of personal data of a million users.