Cryptocurrency startup YouHodler has reportedly exposed troves of sensitive customer data including credit card information because it forgot to protect its server with a password.
According to security researchers Noam Rotem and Ran Locar, who uncovered the leak, the company took the database offline as soon as it was notified.
The database consisted of 86 million lines of daily-updating records of activity on the lending platform, featuring logs and computer demands based on users’ activity on the front-end website.
TechCrunch, which broke the news, says it’s seen records containing sufficient information to make fraudulent card purchases – with names, credit card numbers, card verification numbers, and expiry dates readily available for fraudsters. None of the data was encrypted.
The database also contained banking information: names, addresses, bank account, SWIFT codes, and transaction amounts.
Rotem and Locar also said it contained customer phone numbers and, in some instances, passport information.
“The amount of information included in the database makes stealing a user’s identity a simple task,” the researchers told TechCrunch.
The reported leak comes amid heightened concerns about customer data protection in the wake of several high-profile leaks and hacks, both in and outside of the cryptocurrency arena.
In fact, Swedish cryptocurrency exchange QuickBit made headlines a few days ago after it allegedly leaked 300,000 customer records via an unprotected MongoDB database – so I guess data leaks are back in season. Yay.
Published July 25, 2019 — 08:15 UTC