- The leaky database exposed users’ names, dates of birth, email addresses, addresses, phone numbers, passport numbers, passwords hashed with SHA-256, credit card numbers along with expiration dates, CVV numbers, bank details, and crypto wallet addresses.
- YouHodler acknowledged the leak on July 23, 2019, and secured the database by disabling public access.
Researchers from vpnMentor, Noam Rotem and Ran Locar uncovered an unprotected database belonging to YouHodler as part of their web-mapping project.
YouHodler is a cryptocurrency lending platform that helps users to request crypto-loans or to convert their crypto-holdings to conventional currencies.
What information was exposed?
The unsecured database exposed over 86 million records of user data including names, dates of birth, email addresses, addresses, phone numbers, passport numbers, passwords hashed with SHA-256, credit card numbers along with expiration dates, CVV numbers, bank details, and crypto wallet addresses.
- The researchers noted that a few records stored both user names and credit card numbers together.
- Exposed bank details included account number, SWIFT code, and the bank’s address.
“The nature of the data that leaked from YouHodler’s database could have serious consequences. However, with full, unencrypted credit card numbers, CVV numbers, expiration dates, and cardholder names, a bad actor would have complete control over a user’s credit card,” researchers said in a blog.
What was the response?
Upon discovery, the researchers notified YouHodler about the open database on July 22, 2019. YouHodler acknowledged the leak on July 23, 2019, and secured the database by disabling public access.
Publisher
/https://cystory-images.s3.amazonaws.com/shutterstock_130577177.jpg)
/https://cystory-images.s3.amazonaws.com/shutterstock_96851332.jpg)
