A misconfigured MongoDB database has led to the leak of names, email and physical addresses, wallet information, encrypted passwords, and driver’s license and passport numbers of 25,000 early investors in Bezop. The leak deals a second security-related blow in months to the e-commerce startup, which hopes to give retail giant Amazon a run for its money by fashioning its business around digital currency.
Bezop is a decentralized blockchain-powered commerce platform, similar in some ways to Amazon, that hopes to be “the future of global trade,” according to its creators.
“No monthly fees, Build professional amazon-like stores and start accepting cryptocurrency in minutes,” reads a marketing tagline on the firm’s website.
The business is based on its own Bezop cryptocurrency, which trades under the name BEZ. Users are promised several sure-fire ways to generate profits, not just by selling goods in exchange for crypto coins, but also by participating in “mining” programs for an extra incentive.
However, things went awry for Bezop when researchers at Kromtech (a developer of popular macOS utilities) found a misconfigured MongoDB database that was showing the personal information of 25,000 Bezop investors in plain text – publicly, for anyone with access to the Internet to see.
When alerted to the breach in March, Bezop fixed the problem but made no public admission that it messed up so badly – if there’s one thing a startup needs like air, it’s the trust of its early backers.
Sadly for Bezop, it’s not the first time the company has made headlines for insecure handling of user data. As reported by hackread.com, only a few months ago the company sent usernames and passwords in cleartext format.
John McAffee (the founder of the security firm with the same name) sits on Bezop’s board of directors, but his expertise has apparently yet to rub off on the company he is backing.