A cryptocurrency lending platform has been called out for a possible breach that saw it lose the private data of its customers. According to security researchers with vpnMentor, YouHodler has exposed the data of thousands of its users after its database info was leaked. In a blog post about the security failure, vpnMentor, which typically covers virtual private networks (VPN) and different VPN applications, says, \u201cThe breach exposed a huge amount of data. There were over 86 million records that included users\u2019 full names, email addresses, addresses, phone numbers, birthdays, credit card numbers, CVV numbers, full bank details, and in some cases crypto wallet addresses. The implications of this breach are extensive.\u201d The company contacted YouHodler on July 22 to inform them of the security flaw. The lending platform responded a day later, acknowledging the issue and asserting that it had taken proper measures to close the breach. What stands out in the egregious lack of security protocols is that the information was all stored in unencrypted files. Given the fact that credit card numbers and their associated CVV (card verification value) \u2014 the three- or four-digit security code associated with the card \u2014 were easily accessible doesn\u2019t paint a pretty picture for how the company may be treating assets it holds for users who take out loans. The company has reportedly processed over $10 million in transactions from 3,500 customers since it launched and has customers in over 35 countries, including the U.S., France, the U.K., Canada and Russia. vpnMentor continues, \u201cThe nature of the data that leaked from YouHodler\u2019s database could have serious consequences. Any platform that stores credit card data should be taking several security precautions. If YouHodler only stored the BIN and last four digits of user credit cards, there wouldn\u2019t be as much of an impact in this regard. \u201cHowever, with full, unencrypted credit card numbers, CVV numbers, expiration dates, and cardholder names, a bad actor would have complete control over a user\u2019s credit card. Furthermore, having storing CVV numbers is a violation of the PCI regulations imposed by credit card companies. This could be used to run up fraudulent charges and as a means of authentication for other accounts that belong to the user.\u201d The breach was discovered after company researchers began working on a web-mapping project that involved identifying ports associated known IP blocks. After identifying the blocks, the researchers try to find holes that allow access to a database and, in the case of YouHodler, a huge hole was found.