A post on a dark web forum claims to have leaked the personal data of 12.8 million Binance users, which purportedly includes sensitive information such as names, email addresses, phone numbers, birthdays, and physical addresses. But Binance says it’s a hoax.
A user named "FireBear" on Monday claimed on a breach-related forum that they had obtained a database containing personal information of the Binance users, allegedly leaked in August.
The post claims the leaked data includes "Last_Name, First_Name, Email, PhoneNumber, Birthday, Address, Zipcode, [and] Address2" of Binance users.
A partially obscured sample of the purported data was provided, along with an offer to sell the information "in part or as a whole." The poster invited direct contact from interested parties, raising alarms about potential misuse of this sensitive data.
Binance, however, denied these claims.
"This is false. Our security team has looked into the claims and we can confirm that this is not a Binance data leak,” a Binance spokesperson told Decrypt.
Despite Binance's denial, cybersecurity experts emphasize the need for continued vigilance.
Speaking with Decrypt, Oz Tamir, a researcher at Blockaid, warned that such incidents, even if fake, often precede phishing campaigns and account takeover scams. He advised users to enable two-factor authentication and be cautious of unexpected communications to protect themselves from potential threats.
“Even if this specific breach turns out to be fake, it’s important for users to stay vigilant,” he said. “Scammers may use personal information to impersonate Binance or other trusted entities in an attempt to trick users into giving up control of their accounts.”
Addressing a fundamental issue in data security, Harry Halpin, CEO of Nym Technologies said that the problem is storing user data itself—no company should do this, in his view.
“As no matter how good your security is—and Binance likely has very good security—someone will hack you or there will be an insider leak," Halpin told Decrypt. He advocated for cryptographic solutions to avoid collecting user data altogether.
Luciano Ciattaglia, Director of Services at Hacken, expressed skepticism about the alleged leak. He said that Binance is known for its strong security protocols and mindset, with personally identifiable information (PII) safeguarded by multiple layers of protection, making it one of the most secure assets on the platform.
He suggested that the claim is likely a scam, as is often the case with such allegations.
Edited by Andrew Hayward