Altcoin News: YouHodler Has a Data Leak of 86 Million Users Records

July 26, 2019, by Marko Vidrih on ALTCOIN MAGAZINE

YouHodler’s cryptocurrency platform has leaked confidential user data, including cryptocurrency wallet addresses and credit card numbers.

VpnMentor and a team led by data processing and analysis specialists Noam Rotem and Ran Locar discovered a large leak of personal data, affecting 86 million records.

YouHodler provides cryptocurrency lending services. The company allows users to instantly convert crypto assets to US dollars or euros. The loan platform supports BTC, BCH, ETH, LTC, XLM, XRP, DASH, and other altcoins.

As a result of the leak with YouHodler, a large amount of confidential data was disclosed, including full user names, email addresses, residential addresses, telephone numbers, birthdays, credit card numbers, including CVV codes, full bank details and cryptocurrency wallet addresses.

The researchers stressed how serious and large-scale the consequences of such a leak. For example, YouHodler marked credit card security codes (CVV) as “identification data,” and these CVV codes were stored unencrypted. In addition, the researchers added:

“Here, we found the card number in full, stored in plain text as well as the expiration date, but without the CVV number. However, the first example shows that we still found all of the details needed to take full control of the card — including CVV numbers.”

Similarly, the full user names, addresses and bank details, including the account number and the SWIFT code, were disclosed. In some cases, records containing the addresses of cryptocurrency wallets have also been disclosed. The researchers concluded:

“It was simple to link the account above to the Bitcoin wallet address. While the contents of crypto-wallets are publicly available, they are purposely anonymous. Linking a name and address to a wallet could have serious consequences.”

VpnMentor is a research company that specializes in protecting the privacy of users on the Internet. According to a team of researchers, they found a data leak as follows:

“We found the leak in YouHodler’s database as part of our web-mapping project. Ran and Noam examine ports to find known IP blocks. Once they’ve discovered IP blocks, they look for holes in the system that would indicate an open database. Using their technical expertise, they can confirm the identity of a leak to trace the data back to its owner.”

After vpnMentor contacted YouHodler on July 22, 2019, the company fixed a breach in the database security system the next day.

Recently, a Swedish exchange cryptocurrency QuickBit also allowed data leakage 300,000 customers through unprotected MongoDB database during the upgrade. During this period, approximately 2% of QuickBit clients opened information about names, addresses, email addresses and incomplete card information.

Author: Marko Vidrih