YouHodler’s cryptocurrency platform has leaked confidential user data, including cryptocurrency wallet addresses and credit card numbers.
VpnMentor and the team led by data processing and analysis specialists Noam Rotem and Ran Locar discovered a large leak of personal data affecting 86 million records.
YouHodler provides cryptocurrency lending services. The company allows users to instantly convert crypto assets to US dollars or euros. The lending platform supports BTC, BCH, ETH, LTC, XLM, XRP, DASH and other crypto assets.
The YouHodler leak disclosed a large amount of confidential data, including full user names, email addresses, residential addresses, telephone numbers, birthdays, credit card numbers with their CVV codes, full bank details and cryptocurrency wallets.
The researchers stressed how serious and large-scale the consequences of such a leak are. For example, YouHodler marked credit card security codes (CVV) as “identification data,” and these CVV codes were stored unencrypted. In addition, the researchers added:
“We found the full credit card numbers in plain text, as well as the expiration date of the card, but without the CVV code. However, in the end, we still got all the details needed for complete control over the card, including the CVV numbers.”
Similarly, full user names, addresses and bank details, including the account number and the SWIFT code, were disclosed. In some cases, records containing the addresses of cryptocurrency wallets were also disclosed. The researchers concluded:
“It was easy to link accounts with a cryptocurrency wallet address. Although the contents of the wallets are publicly available, they remain anonymous. Binding a name and address to a wallet can have serious consequences.”
VpnMentor is a research company that specializes in protecting the privacy of users on the Internet. According to the team of researchers, they found the data leak as follows:
“We found a leak in the YouHodler database as part of our web-mapping project. Ran and Noam check ports to find known IP blocks. Finding IP blocks, they search the system for flaws that would indicate an open database. Using their experience, they can confirm the source of the leak in order to track the data to their owner.”
After vpnMentor contacted YouHodler on July 22, 2019, the company fixed a breach in the database security system the next day.
Recently, the Swedish cryptocurrency exchange QuickBit also allowed a leak of the data of 300,000 clients through an unprotected MongoDB database during an upgrade. During this period, information about approximately 2% of QuickBit clients was exposed, including names, addresses, email addresses and incomplete card information.