Cryptocurrency trading platform Bitfinex experienced an embarrassing issue last night/earlier today that leaked non-identifying user information to other clients using the platform.
User reports indicate that upon viewing the order book, another user’s account may have been listed along with their balances. You can view a thread discussing this very issue on Reddit.com here.
That thread reads [in part]:
“Just a heads up, there doesn’t seem to be any immediate threat of stolen coins, but if you log in to BFX and click on the orderbook you may see someone else’s account listed with their balances. It goes away if you navigate to any other tab. Still really bad of BFX to let this happen.”
But before you panic, there hasn’t been a compromise of any sort, according to Bitfinex.
“The problem stems from Incapsula’s (anti-DDOS service) caching of dynamic pages, which it shouldn’t be doing,” a company spokesperson told me Monday morning. “This appears to be happening intermittently and not in all geographic areas.”
Bitfinex, in response, has disabled Incapsula’s services, which should immediately remedy the situation for affected users. Bitfinex says it is waiting to hear what Incapsula has to say about the issue, and how it will be fixed permanently.
The spokesperson adds, “While this issue may have leaked some info regarding other users, no identifying information was leaked aside from username, and at no time was there a security threat that would potentially allow anyone to interact with someone else’s account.”
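The failure mode the spokesperson describes, a shared cache storing a per-user page and replaying it to the next visitor, can be reproduced in a few lines. This is an added illustration, not Bitfinex or Incapsula code; the `/orderbook` path, the user names, the URL-only cache key and the storability rule are assumptions made for the example, since the article does not say how the cache was configured.

```python
# Added illustration: a shared (CDN-style) cache in front of an origin.
# Paths, users and the policy below are constructed for this example.

def origin(path, user, mark_private=False):
    """Hypothetical origin that renders a page for the logged-in user."""
    headers = {"Content-Type": "text/html"}
    if mark_private:
        headers["Cache-Control"] = "private, no-store"
    return {"headers": headers, "body": f"account={user}"}

def storable_by_shared_cache(request_headers, response_headers):
    """Conservative policy: never store a response tied to a session."""
    cc = response_headers.get("Cache-Control", "").lower()
    directives = {d.strip().split("=")[0] for d in cc.split(",") if d.strip()}
    if directives & {"private", "no-store"}:
        return False
    if "Set-Cookie" in response_headers:
        return False
    if "Cookie" in request_headers or "Authorization" in request_headers:
        # Authenticated request: store only if the origin explicitly allows it.
        return "public" in directives
    return True

class SharedCache:
    def __init__(self, check_storable):
        self.check_storable = check_storable
        self.store = {}

    def get(self, path, user, mark_private=False):
        if path in self.store:  # cache key is the URL only, not the session
            return self.store[path]["body"]
        request_headers = {"Cookie": f"session={user}"}
        response = origin(path, user, mark_private)
        if not self.check_storable or storable_by_shared_cache(
                request_headers, response["headers"]):
            self.store[path] = response
        return response["body"]

def demo():
    naive = SharedCache(check_storable=False)
    naive.get("/orderbook", "alice")
    leaked = naive.get("/orderbook", "bob")   # bob receives alice's page
    safe = SharedCache(check_storable=True)
    safe.get("/orderbook", "alice")
    correct = safe.get("/orderbook", "bob")   # fetched fresh for bob
    return leaked, correct
```

On the origin side, marking every authenticated page `Cache-Control: private, no-store` gives a correctly behaving shared cache an explicit instruction not to store it, independent of whatever default policy the caching service applies.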