Thousands of investors who poured money and time into the John McAfee-evangelized cryptocurrency ecommerce project, Bezop, have become the victims of data theft. The startup reportedly left the personal details of more than 25,000 investors on a publicly accessible MongoDB database, including links to scanned passports, drivers licenses, and other forms of photo ID.
Bezop is a cryptocurrency startup that is reportedly designed to act as a distributed online retail platform for third-party sellers. As the paid-for-sponsor, McAfee described it, “it allows simple and secure creation of ecommerce sites — searchable in the same manner as Amazon — but with no Amazon as middleman.”
As “secure” as the eventual platform may be though, Bezop doesn’t appear to have done a tremendous job of securing its early investors’ information. The public database was accessible as recently as March 30, according to MacKeeperSecurity and revealed just about everything about investors — including scanned document images. The thousands of individuals affected by this leak are said to be early investors and promoters, the latter of whom were paid in Bezop’s tokens to promote the cryptocurrency on forums and social media.
When questioned about the leak by ThreatPost, Bezop’s Chief Technical Officer Deryck Jones brushed it off, suggesting that his leak happened in January during the initial coin offering. Although he claimed it was “disappointing,” he suggested that all investors had been informed at the time.
A Bezop engineer, Camelius Ubah, suggested in a statement that this wasn’t newsworthy: “[This] has already been addressed publicly on January 8, 2018,” he said. “Sorry to inform you that this is not news to us, neither is it to our subscribers.”
Since this story broke, Bezop’s social media response has been rather mocking, too. Even so, it has yet to do anything about the multitude of scam responses in its tweets’ replies. This has become increasingly common with cryptocurrency promotion on Twitter in recent months.
Despite this seeming internal confidence in Bezop’s ability to handle this relatively monumental leak of information, elsewhere there has been criticism of Bezop and its operators. The bounty program received special condemnation from contributors, prompting Bezop to follow up with an apology post of its own earlier this year. It also had to take steps to clarify the involvement of paid promoters like McAfee.