VpnMentor Finds Sensitive Data Leak in Crypto Loan Platform YouHodler

Published at: July 24, 2019

Security researchers from virtual private networks-focused website vpnMentor have identified data breach in digital currency loan platform YouHodler. The breach concerned user information, according to a press release shared with Cointelegraph on July 24.

According to vpnMentor, the leak exposed over 86 million records that contained information such as full personally identifiable information, credit card numbers and credit card verification values, and bank account details, as well as detailed data regarding users’ crypto wallets and transactions.

The breach purportedly enabled anyone in possession of the data to find the real identity of digital currency owners and the amount they own. In a dedicated blog post, vpnMentor noted that although YouHodler stores password data, it uses a SHA-256 hash which is a robust encryption algorithm that is difficult to break. The post further stressed the possible impact of the data breach, saying:

“The nature of the data that leaked from YouHodler’s database could have serious consequences. Any platform that stores credit card data should be taking several security precautions. If YouHodler only stored the BIN and last four digits of user credit cards, there wouldn’t be as much of an impact in this regard.”

VpnMentor discovered the leak in YouHodler’s database as part of its web-mapping project, wherein vpnMentor’s researchers examined ports to find known IP blocks and went on to look for holes in the system that would signify an open database. vpnMentor writes that it contacted YouHodler on the issue on July 22 and YouHodler responded on July 23 that they closed the breach.

Earlier this week, Cointelegraph reported that database issues at the Swedish digital currency exchange QuickBit resulted in a breach of sensitive data of 2% of its users, including personal data such as names, addresses, email addresses and card information.

Tags
Related Posts
New Spyware Replaces Crypto Wallets on Clipboard via Telegram: Report
Amerian Internet infrastructure firm Juniper Networks has found a new spyware that uses Telegram app to replace crypto addresses with its own. Masad Clipper and Stealer Juniper Threat Labs, a threat intelligence portal at Juniper Networks (NYSE: JNPR), discovered a new Trojan-delivered malware implementing major global messaging app Telegram to exfiltrate stolen information, according to threat research released on Sept. 26. Reportedly circulating under the name “Masad Clipper and Stealer” on black market forums, the spyware is capable of stealing a broad list of browsing data, including usernames, passwords, credit card information. Moreover, the malware also includes a function that …
Altcoin / Sept. 28, 2019
Swedish Crypto Exchange QuickBit Announces User Data Breach
Database issues at the Swedish digital currency exchange QuickBit resulted in a breach of sensitive user data, according to an official announcement published on July 22. In the announcement, QuickBit revealed that personal data such as names, addresses, email addresses and card information of 2% of its customers was exposed. QuickBit said that no passwords or social security numbers, complete account or credit card information, cryptocurrency or private keys, or financial transactions were exposed or affected. QuickBit initially published its suspicions about the data incident on July 19, stating that their internal investigation indicated that neither QuickBit nor the company's …
Altcoin / July 22, 2019
Japan: Crypto Exchange Coincheck Resumes NEM Trading Almost 10 Months After Major Hack
Recently re-opened Japanese crypto exchange Coincheck has announced it has resumed NEM (XEM) crypto token trading after a restructuring of its platform by external “security experts,” South Korean news outlet FNNews reports Nov. 13. In January of this year, Coincheck suffered an industry record-breaking hack when $534 million worth of NEM was stolen from its wallets. This latest development from Coincheck reveals the exchange has “joined the Japan Security Association and is “ready to renovate its image.” Alongside NEM trades, the platform has also opened support for Ethereum (ETH) and Lisk (LSK). Coincheck is quoted as saying that "technological safety …
Trading / Nov. 13, 2018
Five Critical Vulnerabilities Discovered in EOS in 2019, HackerOne Data Shows
EOS.io, the company responsible for the development of fourth-largest crypto by market cap EOS, has handed over bug bounties for five critical vulnerabilities this year. Public activity on breach disclosure platform HackerOne revealed the bounties. On Jan. 10, $40,750 was awarded to five white hat hackers on the platform by EOS.io, and the day after, another researcher received a $10,000 bounty. Five of those bounties are equivalent to $10,000 each, which is the highest possible payout reserved by the company only for the most critical vulnerabilities. The Tron Foundation, the company behind the cryptocurrency Tron, also awarded four bounties in …
Altcoin / Feb. 5, 2019
Crypto hacks are set to hit all-time highs in 2022, analyst explains
Reducing the amount of hacking by improving cybersecurity should be considered a top priority for the crypto industry, said Kim Grauer, director of research of blockchain intelligence firm Chainalysis. As pointed out by the firm, this year could outpace 2021 in terms of crypto stolen through hacks. The vast majority of these exploits have been targeting the field of decentralized finance. “This can't go on in the industry because people are going to lose faith in investing in DeFi platforms”, Grauer said in an interview with Cointelegraph. Unlike centralized exchanges, which have improved their resiliency to crypto hacks, decentralized protocols …
Blockchain / Oct. 19, 2022