11-22-2024

A cryptocurrency lending platform has been called out for a possible breach that saw it lose the private data of its customers. According to security researchers with vpnMentor, YouHodler has exposed the data of thousands of its users after its database info was leaked.

In a blog post about the security failure, vpnMentor, which typically covers virtual private networks (VPN) and different VPN applications, says, “The breach exposed a huge amount of data. There were over 86 million records that included users’ full names, email addresses, addresses, phone numbers, birthdays, credit card numbers, CVV numbers, full bank details, and in some cases crypto wallet addresses. The implications of this breach are extensive.”

vpnMentor contacted YouHodler on July 22 to inform it of the security flaw. The lending platform responded a day later, acknowledging the issue and asserting that it had taken proper measures to close the breach.

What stands out in the egregious lack of security protocols is that the information was all stored in unencrypted files. The fact that credit card numbers and their associated CVV (card verification value), the three- or four-digit security code associated with the card, were easily accessible doesn’t paint a pretty picture of how the company may be treating assets it holds for users who take out loans. The company has reportedly processed over $10 million in transactions from 3,500 customers since it launched and has customers in over 35 countries, including the U.S., France, the U.K., Canada and Russia.

vpnMentor continues, “The nature of the data that leaked from YouHodler’s database could have serious consequences. Any platform that stores credit card data should be taking several security precautions. If YouHodler only stored the BIN and last four digits of user credit cards, there wouldn’t be as much of an impact in this regard.

“However, with full, unencrypted credit card numbers, CVV numbers, expiration dates, and cardholder names, a bad actor would have complete control over a user’s credit card. Furthermore, storing CVV numbers is a violation of the PCI regulations imposed by credit card companies. This could be used to run up fraudulent charges and as a means of authentication for other accounts that belong to the user.”

The breach was discovered after company researchers began working on a web-mapping project that involved identifying ports associated with known IP blocks. After identifying the blocks, the researchers try to find holes that allow access to a database and, in the case of YouHodler, a huge hole was found.
