Author: Marshaka
While people enjoy the convenience of the Internet, it also brings private data one step closer to streaking.
Recently, many people in the currency circle have fallen into the trouble of "information leakage".
In the past month, many investors in the currency circle have received a type of call: the other party claims to be the customer service of Huobi (or Binance, OKex, Jinse Finance, Bitmain, Bitworld, etc.), claiming that the platform is doing activities , there are professional analysts who bring orders in the group, and add a WeChat to pull you into the group.
Most of these calls start with 146, 165, and 170. The other party not only knows that you are a user of the currency circle, but some even directly expose your name! When you really join the group, they will either let you buy spicy chicken coins, or sell you stocks, in short, they will trick you into spending money in different ways.
In fact, Huobi, Binance and other exchanges have issued statements that these calls are all fake customer service. Therefore, information containing your phone number, name, or even ID card is likely to be sold. As for how the information was leaked and sold, it is still a mystery.
Privacy leaks in the currency circle have become the norm
Yesterday afternoon, a user named Guardian M posted a series of high-definition photos of holding ID cards in the telegram group. These pictures were all taken for Binance KYC certification. The time was February 2018. In China, the United States, Japan, South Korea and other places, there are already 480 uncensored photos in the telegram group that everyone can see.
Some domestic users even found their own information in the leaked photos, and Binance was pushed to the forefront for a while, and the news of "Binance KYC information leaked" was spread throughout the major communities and social media, making the entire currency circle People panic.
In fact, this batch of information was "leaked" as early as the beginning of this year. Binance pointed out in its latest statement that it was recently threatened and asked to exchange 300 bitcoin chips for the 10,000 KYC information he claimed to have, but Binance did not agree.
Obviously, the user named "Guardian M" chose malicious revenge because he did not receive the extortion money. After this incident, the user logged out of his account and disbanded the Telegram group with more than 10,000 people watching.
After this "prank", the criminal has already escaped, but after experiencing this horror, people in the currency circle have to sweat for the KYC certification information they have done, and no one knows whether their information is in the black market Fleeing.
Earlier, in May last year, a large number of users in the currency circle who had registered with an exchange received multiple text messages saying "HLC halal chain signed a contract with XX", and at the end of the text message it was revealed that "it will rise soon", To lure users to buy the currency.
Regardless of whether the news was sent by the project party or not, it is undeniable that the mobile phone information of currency circle users has been leaked and has been "precision marketing".
secondary title
How is this information leaked?
In the Internet age, privacy leakage is nothing new.
Generally speaking, there are 4 ways to be leaked: hacker theft, corporate thieves, user registration on an informal website, and user mobile phone software leading to information leakage.
1. Hackers steal
Many large companies have been attacked by hackers. Facebook has been hacked to leak 30 million user information. The consumer information of Uniqlo shopping website has also been stolen by hackers. The domestic A station and Mobike user information have also been stolen by hackers. And these The information is sold in a high-profile manner on the Telegram group and the dark web.
The currency circle is a favorite "cash machine" for hackers. They not only steal information, but also take away thousands of assets, often scaring the market of the currency circle into a plummet. In recent years, countless large and small exchanges have been attacked by hackers, and the risk of user privacy leakage is self-evident.
2. Register with an informal website
Whether surfing the Internet or shopping, there are requirements for "filling in personal information" and "registering an account" everywhere, and some small companies or small websites often make "wrong ideas" after receiving personal information, and sell these materials to P2P at high prices For financial management, insurance, and house selling, because users leave too many places for information, it is impossible to know which one leaked it.
Looking at the currency circle, it is the same situation. Users will inevitably register some unknown project websites or some pheasant exchanges because of some "airdrop temptation". It is very low, and it is easier to do some rampant things of selling information.
3. Thieves in the enterprise
In the event of an information leakage incident, many people will immediately point the finger at the main body of the enterprise, thinking that it is an unscrupulous enterprise that actively leaks user information, but in fact, some enterprises that really want to do things, their purpose is to make money, and "sell information" This can directly block this road, and the bigger the company, the less likely it is to do such a loss-making business.
But no matter how self-respecting the company is, it can't stop insiders, and many privacy leaks in this world are caused by "our own people".
4. Mobile phone software leakage
At the beginning of this year, a hacker stated on the dark web that he had obtained the information of 100,000 users in the currency circle, and posted photos of some users’ ID cards in the post, some of whom were KYC users of Binance, Kraken, and Bitfinex material.
When users suspected that the information was leaked by these exchanges, Binance told the media: "The internal information of Binance all uses electronic watermarks, and the pictures on the Internet do not have Binance-specific electronic watermarks, so I am sure that these materials are not from within Binance. information."
The boss of Kraken also stated that the exchange did not leak information. He pointed out: "The photos are likely to be leaked in the user's mobile phone. For example, iCloud/GSuite software accounts that can synchronize mobile phone photos have been phished."
In fact, some mobile phone software can often obtain a large number of permissions to read photos, mobile phone numbers, and text messages without the user's knowledge. The photos stored in iCloud by Jennifer, the heroine of "The Hunger Games", have been leaked.
secondary title
How to save the privacy of streaking?
Even more frightening than data breaches is the fact that you have no way of knowing what else your personal information is being used for besides being resold second-hand or third-hand. What do people who buy user identity information use it for besides selling it to people who make sales calls?
1. Used to register various accounts
There are illegal accounts on the Internet that sell accounts in bulk. A WeChat ID registered with a real name can be sold for 60 yuan, and a real-name Alipay account can also be bought for 20 yuan.
However, personal information is used most often for "sweeping wool". Registering a P2P financial app with real identity information can get a reward of 50 yuan. Many Internet companies also have such registration "countervailing" activities.
2. Used to apply for online loans
When online loan platforms were popular, some online loan companies did not have strict risk control and would often lend money in violation of regulations. Criminals could apply for online loans by taking your information for verification. And if you have your four-piece set of "ID card, bank card, bank card password, phone card", you can directly get a loan of tens of thousands of yuan.
In addition to these, personally identifiable information may also be used for money laundering, legal persons registered as shell companies, precise online fraud, etc. In short, the more detailed the information, the more places it can be used.
On the Bitcoin forum, a user posted a post asking: "Are you worried about KYC certification?" The post attracted hundreds of replies, and most of them replied: "I am worried about the information being leaked, but I can't change anything. , must be filled in when registering with the exchange.”
In the face of the law, general exchanges will require KYC certification in order to avoid suspicion of money laundering. "Uploading information" is probably something that most people in the currency circle cannot escape.
So how should people in the currency circle reduce the risk of privacy being leaked? Here is a feasible idea for you:
Don't register some pheasant exchanges and some websites with unknown origins. If these websites can't go on, your information will become the only valuable thing;
Apply for an additional mobile phone card to bind Alipay, bank card, and digital currency accounts separately;
Avoid "one string of passwords to go all over the world", try to use several different passwords for different fund accounts;
Do not click on the link in the email easily to avoid being phished;
A special bank card is used for the entry and exit of currency speculation funds;
Try not to save your personal ID card or hold your ID card information in your mobile phone or computer.
