Binance Code and Internal Passwords Exposed on GitHub for Months

A highly sensitive cache of code, infrastructure diagrams, internal passwords, and other technical information belonging to cryptocurrency giant Binance has been sitting on a publicly accessible GitHub repository for months, 404 Media has learned. From a report: Binance only managed to have GitHub remove the data under a copyright takedown request last week, but not before 404 Media and other people managed to view it. Although there is no public evidence this data was accessed or used by malicious parties, the cache contained a wealth of information that could be useful to hackers looking to compromise Binance's systems.

'This account is using our client's internal code which poses significant risk to Binancec. and causes severe financial harm to Binance and user's confusion/harm,' a section of the takedown request, available on GitHub, reads. Another section says the GitHub repository is 'hosting and distributing leaks of internal code which poses significant risk to BINANCE.' For example, one diagram included in a folder called 'binance-infra-2.0' shows the interlocking between different parts of Binance's various dependencies. The cache also contains a wealth of scripts and code. Some of that code appears to relate to how Binance implements passwords and multi-factor authentication. The code includes comments in both English and Chinese.

Read more of this story at Slashdot.