Dear valued ONUS users,
Privacy, security, and transparency are always at the top of ONUS’s priority in providing services. That is why we want to inform our users that the ONUS system has been compromised as a result of a large-scale cyber attack. Through a security hole, a third party was able to gain unauthorized access to and steal certain critical ONUS data.
Details about the attack
During monitoring, CyStack – ONUS’s security partner, detected and reported a cyber attack on ONUS system to us. The hacker took advantage of a vulnerability in a set of libraries on the ONUS system to get into the sandbox server (for programming purposes only). However, due to a configuration problem, this server contains information that gave bad guys access to our data storage system (Amazon S3) and stole some essential data. This leads to the risk of leaking the personal information of a large number of users, including:
- Email and Phone number
- KYC information
- Encrypted password
- Transaction history
- And some other encrypted information
Please note that this cyber attack did not affect any assets on ONUS.
To ensure our users’ safety, the ONUS team has actively worked with security experts to find vulnerabilities, thoroughly fix them, and implement additional methods to improve the whole system’s security. We also carried out an upgrade to the asset management and storage system (ONUS Custody). In addition, to limit the risks that may be encountered in the future, please change your ONUS application password.
If you find any property loss, please notify us so that we can verify and compensate with the ONUS Protection Fund. Details: https://goonus.io/en/assets-protection/
We sincerely apologize and hope for your understanding. This is also an opportunity for us to review ourselves, upgrade and further perfect the system to assure the safety of our users, especially during the transition from VNDC to ONUS.