VpnMentor’s specialists discovered the leakage of personal data of YouHodler cryptocurrency landing platform users – the names, addresses, credit card numbers and CVV security numbers, customer bank account data, as well as detailed information about their cryptographs and transactions were publicly disclosed.
In particular, the researchers found more than 86 million records containing personal information about YouHodler users.
VpnMentor stressed that the problem of leaking such a large amount of data is very serious, since in fact attackers can get full access to bank accounts, credit cards and balances of cryptocurrency wallets.
In addition, having more and personal user data, it is quite simple to establish the identity of the owner of the crypto wallet, experts say.
According to the researchers, despite the fact that YouHodler stores password data using the SHA-256 hashing algorithm, which is considered to be a fairly reliable encryption algorithm, the blame for the incident lies almost entirely on the site itself.
Any platform that stores credit card information must take several security measures. If YouHodler kept only the BIN and the last four digits of the user credit cards, this would not be such a serious problem.
As stated by VpnMentor experts, they contacted YouHodler representatives, who reported that the flaw in the system was eliminated.
However, users whose data has already been made publicly available may still be at risk.
Recall that in June, the Southern Seoul Prosecutor’s Office charged the Bithumb exchange with leaks of confidential financial data to over 31,000 users, as a result of which in July 2017 considerable funds were stolen from the platform.