404 Media posted that “Binance code and ‘highly sensitive’ internal passwords were exposed on GitHub for months.” Binance refuted the report and argued that the code was outdated and posed “a negligible risk.”
According to a report by 404 Media on January 31, a cache of "code, infrastructure diagrams, internal passwords and other technical information" exists on GitHub, including information about how the exchange enforces passwords and multi-factor authentication.
The report states that Binance successfully asked GitHub to remove the files by filing a copyright takedown request on January 24, with the exchange saying the information "posed a significant risk" and had been posted "without authorization."
But a Binance spokesperson told Cointelegraph that the person “shared very outdated information on GitHub,” and their security team confirmed that the cache was “not the same as what we currently have in production.”
Binance added that the information "poses negligible risk to users and their assets, as well as the security of the Binance platform," and that it is outdated and cannot be used by any third party or malicious actor. Binance said it will protect its intellectual property rights, past or present, and that, to mitigate harm caused by "unnecessary confusion or unfounded concerns about the release of private data," it issued a takedown request to GitHub and took legal action against the user.
However, Binance's request to GitHub repeatedly claimed that the information was "our customers' internal code, which poses a significant risk to Binance. It has also caused significant financial harm to Binance and user confusion/harm." Binance did not respond to further questions on the matter. (Cointelegraph)