Altcoin News: Data Leaked from QuickBit Exchange Compromised 300,000 Users

July 23, 2019, by Marko Vidrih on ALTCOIN MAGAZINE

The Swedish QuickBit cryptocurrency exchange recently added to the listing of the Nordic Growth Market, leaked data to 300,000 customers through an unprotected MongoDB database.

The exchange confirmed this information in a series of messages on its investor relations forum. The leak, described in detail by security researcher Paul Bischoff, first emerged after the search engine Shodan noted the existence of an open database. QuickBit stated that an external contractor left the data unprotected while attempting to update the security system. The Bischoff report states:

“QuickBit has recently adopted a third-party system for supplementary security screening of customers. In connection with the delivery of this system, it has been on a server that has been visible outside QuickBits firewall for a few days, and thus accessible to the person who has the right tools. During the delivery period, a database has been exposed with information about name, address, e-mail address and truncated (not complete) card information for approximately 2% of QuickBit’s customers.”

Bischoff wrote that the QuickBit team took action against the database on July 3, receiving a notice that it was open. The records contained the full names, addresses, email addresses, the gender of the user and date of birth. QuickBit said that passwords or social security numbers, as well as cryptocurrency keys, were not lost.

“In addition to those records, we also discovered 143 records with internal credentials, including merchants, secret keys, names, passwords, secret phrases, user IDs, and other information,” wrote Bischoff.

The company became public on July 11, and its market capitalization is about $22 million. In QuickBit noted:

“Data security is of utmost importance for QuickBit.”

Recently it became known that the South Korean crypto exchange Bithumb is trying to hold accountable for the fact that it did not take adequate measures to protect the personal information that was subsequently used by hackers.

Author: Marko Vidrih