The Cybernews research team has discovered an unprotected MongoDB database leaking massive amounts of sensitive information. The dataset, attributed to crypto trading platform NCX, revealed several data collections that, when combined, reveal over five million records.
Many businesses utilize MongoDB to handle large swaths of unstructured data. However, NCX appears to be plagued with a common issue: databases are left unprotected without authentication, often due to human error.
The exposed information includes:
- Full names, usernames, and dates of birth;
- Email addresses;
- Links to user-uploaded identity documents (KYC);
- Two-factor authentication (TFA) codes and URLs;
- Internal API keys;
- IP addresses;
- Hashed passwords;
- Profile photo URLs;
- Secret keys (obfuscated or encoded);
- Wallet addresses and related blockchain transaction info;
- Deposit/withdrawal history, currency types, block statuses;
- Admin support logs and Help Center communications.
The Cybernews team responsibly disclosed the issue to the company immediately after discovering the leaky database. However, the company did not react to multiple attempts to reach out.
For more information, here’s the full report: https://cybernews.com/security/ncx-exchange-data-leak-wallets-exposed/
Like this:
Like Loading...
Related
This entry was posted on October 28, 2025 at 2:19 pm and is filed under Commentary with tags Cybernews. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Major crypto exchange leak exposes user wallets, passwords
The Cybernews research team has discovered an unprotected MongoDB database leaking massive amounts of sensitive information. The dataset, attributed to crypto trading platform NCX, revealed several data collections that, when combined, reveal over five million records.
Many businesses utilize MongoDB to handle large swaths of unstructured data. However, NCX appears to be plagued with a common issue: databases are left unprotected without authentication, often due to human error.
The exposed information includes:
The Cybernews team responsibly disclosed the issue to the company immediately after discovering the leaky database. However, the company did not react to multiple attempts to reach out.
For more information, here’s the full report: https://cybernews.com/security/ncx-exchange-data-leak-wallets-exposed/
Share this:
Like this:
Related
This entry was posted on October 28, 2025 at 2:19 pm and is filed under Commentary with tags Cybernews. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.