One of the largest digital currency exchanges in Turkey has finally admitted to a data breach that happened three years ago. BtcTurk had initially denied the hack, but after hackers started posting some of the data they accessed, the exchange was forced to come clean. They assured users that their funds were safe, and no critical data was stolen.
In a statement on its website, the exchange affirmed that indeed, it had suffered a data breach in July 2018. However, this breach only affected non-financial data such as names and identity numbers, emails, address information, mobile phone numbers and the last IP from which they logged into their account before July 2018.
They added, “We would like to announce to you that the data (selfie / selfie records, balance information, bank accounts, financial passwords and qualified data) of our users who are affected by the breach, which are not included in the data set, are not affected by this breach.”
The announcement by BtcTurk came days after reports emerged that the data that was stolen in 2018 had surfaced in an online forum sale. Even more curiously, the seller claimed that the data contained information such as user selfies with their IDs, a detail the exchange denied.
Several users took to social media over the weekend to share the data they had come across on the online sale, with most of them affirming the seller’s claims. All this time, the exchange stuck to its stand that no data had been stolen from its database. However, it would turn back days later and confirm the 2018 breach, which according to its statement affected 516,954 users.
BtcTurk has assured its users that their passwords were not compromised.
“With the PBKDF2 algorithm, passwords are stored unilaterally and are protected in a way that no one except the user with the relevant password can know. It is not possible to detect passwords by reversing the PBKDF2 algorithm with current technological possibilities.”
The exchange has started to contact all the users whose data was accessed. In addition, it improved its security system to ensure that such a situation doesn’t recur in the future. Users must, however, continue to be vigilant especially as the number of phishing attacks are on a rise, the exchange added.
BtcTurk is the latest Turkish exchange to grab headlines for the wrong reasons in the past few weeks. A month ago, one of the largest exchanges in the country mysteriously shut down. Thodex exchange went down with over $2 billion in funds from 400,000 users. Turkish police have since arrested 62 people with close ties to the exchange.
Just days after the Thodex debacle, yet another exchange, Vebitcoin also shut down. It blamed the shutdown on a rise in transaction volume and new regulations.
See also: CoinGeek Live panel, Digital Currency & Global Compliance: Tools & Tips for Exchanges, Wallets & Other Service Providers
New to Bitcoin? Check out CoinGeek’s Bitcoin for Beginners section, the ultimate resource guide to learn more about Bitcoin—as originally envisioned by Satoshi Nakamoto—and blockchain.