Connect with us

TOP BREAKING NEWS!

Cryptocurrency loan site YouHodler exposed unencrypted user credit cards and transactions


Technology

Cryptocurrency loan site YouHodler exposed unencrypted user credit cards and transactions

https://techcrunch.com/2019/07/24/youhodler-exposed-unencrypted-credit-cards-transactions/

A cryptocurrency loan startup exposed reams of customer credit cards and user transactions for almost a month — because it forgot to protect the server with a password.

Security researchers Noam Rotem and Ran Locar found the database belonging to YouHodler, a lending platform designed for cryptocurrency, which claims to have processed $10 million in loans to more than 3,500 customers. The researchers shared their findings exclusively with TechCrunch, and to verify the authenticity of the data. The researchers also wrote up their findings.

Once the researchers reported the leaking data, the company pulled the database offline.

The database contained 86 million lines of daily updating records of the lending platform, containing streams of logs and computer commands based on users’ interactions on the front-end website. That also included sensitive information such as every time a transaction or a loan went through.

Among the records we reviewed, we found records with enough information to make fraudulent card purchases — such as names, transaction amounts, and credit card numbers, including card verification numbers (CVV) and expiry dates.

None of the data was encrypted.

1 kibana data

One of the transaction records exposing unencrypted credit card data. (Image: TechCrunch)

A Step-By-Step Blueprint For Making Money Online, That Is 100% Dummy Proof!

GET EASY FREE TRAFFIC + AFFILIATE OFFER = COMMI$$IONS

Get The Simple Traffic Blueprint Now!

Several other records seen by TechCrunch contained banking information, including names, addresses, bank account and routing numbers, SWIFT codes, and the transaction amount.

The database also contained customer phone numbers and in some cases passport numbers, according to the researchers.

“The amount of information included in the database makes stealing a users identity a simple task,” said Rotem and Locar.

Once the data had been secured, we reached out to YouHodler’s chief executive Ilya Volkov prior to publication but did not hear back.

It’s the latest exposed database in a stream of recent findings by the researchers in recent months.

The researchers have previously found data leaking on Fortune 500 firm Tech Data, exposed user records and private messages of Jewish dating app JCrush and leaking data from Canadian cell network Freedom Mobile, and online retailer Gearbest. Earlier in July, the researchers found an unprotected database belonging to Aavgo, which exposed user hotel bookings.

Read more:

Free Gift With Our Newsletter

We hate SPAM and promise to keep your email address safe

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Top Stories!

To Top