BSV
$47.32
Vol 18.9m
2.44%
BTC
$69815
Vol 46883.59m
2.19%
BCH
$343.08
Vol 278.79m
1.98%
LTC
$66.39
Vol 369.72m
-0.19%
DOGE
$0.17
Vol 3856.85m
12.1%
Getting your Trinity Audio player ready...

A cryptocurrency lending platform has been called out for a possible breach that saw it lose the private data of its customers. According to security researchers with vpnMentor, YouHodler has exposed the data of thousands of its users after its database info was leaked.

In a blog post about the security failure, vpnMentor, which typically covers virtual private networks (VPN) and different VPN applications, says, “The breach exposed a huge amount of data. There were over 86 million records that included users’ full names, email addresses, addresses, phone numbers, birthdays, credit card numbers, CVV numbers, full bank details, and in some cases crypto wallet addresses. The implications of this breach are extensive.”

The company contacted YouHodler on July 22 to inform them of the security flaw. The lending platform responded a day later, acknowledging the issue and asserting that it had taken proper measures to close the breach.

What stands out in the egregious lack of security protocols is that the information was all stored in unencrypted files. Given the fact that credit card numbers and their associated CVV (card verification value) — the three- or four-digit security code associated with the card — were easily accessible doesn’t paint a pretty picture for how the company may be treating assets it holds for users who take out loans. The company has reportedly processed over $10 million in transactions from 3,500 customers since it launched and has customers in over 35 countries, including the U.S., France, the U.K., Canada and Russia.

vpnMentor continues, “The nature of the data that leaked from YouHodler’s database could have serious consequences. Any platform that stores credit card data should be taking several security precautions. If YouHodler only stored the BIN and last four digits of user credit cards, there wouldn’t be as much of an impact in this regard.

“However, with full, unencrypted credit card numbers, CVV numbers, expiration dates, and cardholder names, a bad actor would have complete control over a user’s credit card. Furthermore, having storing CVV numbers is a violation of the PCI regulations imposed by credit card companies. This could be used to run up fraudulent charges and as a means of authentication for other accounts that belong to the user.”

The breach was discovered after company researchers began working on a web-mapping project that involved identifying ports associated known IP blocks. After identifying the blocks, the researchers try to find holes that allow access to a database and, in the case of YouHodler, a huge hole was found.

Recommended for you

Tether execs draw dividends as threat of US indictment grows
Tether issued its latest quarterly 'attestation' of the reserve assets allegedly backing the $119.4B in issued USDT as of September...
November 5, 2024
Blockchain firm R3 looking for a buyer: report
R3 has raised over $120 million over the years, but broader market conditions have proven tough as its permissioned blockchain...
November 5, 2024
Advertisement
Advertisement
Advertisement