Thursday, November 19, 2015

Security incident report 18th November

Yesterday, on the 18th of November, we had a security incident. The vulnerability has since been identified and patched.

In the late afternoon UTC, a user opened two trades with two different traders on our site. The buyer then managed to release both escrows to himself without the traders' knowledge. Thanks to quick reporting and cooperation by both traders, we were able to react quickly and start investigating the incident.

After conducting a thorough investigation, we can conclude that this incident was isolated to these two trades. The vulnerability was related to a legacy feature on our site, and only traders with certain advertisements were vulnerable. The vulnerability has now been fixed, and LocalBitcoins will issue full compensation to both traders to cover their losses.

We want to thank our users for quickly reporting the incident to us so that we could take immediate and appropriate action.