Unprotected MongoDB Database of QuickBit Cryptocurrency Exchange Exposes Private Data of 300,000 Customers

• The unsecured database exposed personal information for approximately 2% of QuickBit's customers.
• The exposed information includes customers’ names, addresses, email addresses, and credit card information.

Swedish cryptocurrency exchange QuickBit exposed the personal information of almost 300,000 customers due to an unprotected MongoDB database that was left publicly available without any authentication.

Key highlights

The crypto exchange said that it hired a third-party system for supplementary security screening of customers, which left the server open exposing customer records.

Upon discovery, QuickBits technicians took immediate steps to ensure that all the servers are protected behind firewalls. The open database was taken down on July 03, 2019.

What information was exposed?

• The unsecured database exposed personal information for approximately 2% of QuickBit's customers.
• The exposed information includes customers’ names, addresses, email addresses, and credit card information.
• QuickBit confirmed that no passwords, Social Security numbers, or cryptocurrency keys were exposed.

A security researcher named Paul Bischoff noted that the database also exposed another 143 records with internal credentials.

“In addition to those records, we also discovered 143 records with internal credentials, including merchants, secret keys, names, passwords, secret phrases, user IDs, and other information,” Bischoff said, Coindesk reported.

“Data security is of utmost importance for QuickBit. This press release is written based on an internal incident report. The supplier of the third party system has been involved in assessing the data security and helping us strengthen our routines,” QuickBit said in a press release.