The Swedish QuickBit cryptocurrency exchange, recently added to the listing of the Nordic Growth Market, leaked data to 300,000 customers through an unprotected MongoDB database.
The exchange confirmed this information in a series of messages on its investor relations forum. The leak, described in detail by security researcher Paul Bischoff (Paul Bischoff), first emerged after the search engine Shodan noted the existence of an open database. QuickBit stated that an external contractor left the data unprotected while attempting to update the security system. The Bischoff report states:
“QuickBit recently introduced a third-party system to further validate customers. Due to the implementation of this system, it was located on a server that was visible outside the QuickBit firewall for several days and was thus accessible to a person who had the necessary tools to gain access. During the deployment period, approximately 2% of QuickBit clients had information about names, addresses, email addresses, and incomplete map information. ”
Bischoff wrote that the QuickBit team took action against the database on July 3, receiving a notice that it was open. The records contained the full names, addresses, email addresses, gender of the user and date of birth. QuickBit said that passwords or social security numbers, as well as cryptocurrency keys were not lost.
“In addition to these entries, we also found 143 entries with internal credentials, including merchants, private keys, names, passwords, secret phrases, user IDs, and other information,” writes Bischoff.
The company became public on July 11, and its market capitalization is about $ 22 million. In QuickBit noted:
“Data security is crucial for QuickBit. In the near future, we will publish an incident report on our website. ”
Recently it became known that the South Korean stock exchange Bithumb is trying to hold accountable for the fact that it did not take adequate measures to protect personal information that was subsequently used by hackers.