According to reports on February 25th, the decentralized privacy platform Aleo suffered a data breach, potentially revealing some of its customers’ sensitive information.
Several users complained on Twitter that Aleo had sent them other users’ Know Your Customer (KYC) documentation, including ID images and selfies, when they signed up for rewards programs.
To comply with anti-money laundering legislation, Aleo asks users to undergo KYC verification through the third-party service HackerOne before claiming incentives. However, this method appears to have resulted in sensitive documents being shared with unintended parties.
Furthermore, Aleo relies on advanced zero-knowledge cryptography to facilitate private transactions, so the failure to protect user data is hilarious. As one expert pointed out, “a protocol for programmable privacy” should never permit access to plain text user information in this way.