Security researchers have stumbled across a MongoDB database containing the personal details of over 25,000 users who invested in or received
Bezop (BEZ) cryptocurrency.
According to cybersecurity firm Kromtech, the database contained information such as full names, home addresses, email addresses, encrypted passwords, wallet information, and scanned passports, driver's licenses, or IDs.
The database stored information related to a "
bounty programme" that the Bezop team ran at the start of the year, during which it handed out Bezop tokens to users who promoted the currency on their social media accounts.
A Bezop spokesperson
admitted to the breach, claiming the database was inadvertently exposed online while the dev team dealt with a DDoS attack on January 8.
A spokesperson told Bleeping Computer today that no user funds were stolen following this exposure.