VpnMentor Finds Sensitive Data Leak in Crypto Loan Platform YouHodler
Security researchers from virtual private networks-focused site vpnMentor have identified a private data breach on digital currency loan platform YouHodler.
Security researchers from virtual private networks-focused website vpnMentor have identified data breach in digital currency loan platform YouHodler. The breach concerned user information, according to a press release shared with Cointelegraph on July 24.
According to vpnMentor, the leak exposed over 86 million records that contained information such as full personally identifiable information, credit card numbers and credit card verification values, and bank account details, as well as detailed data regarding users’ crypto wallets and transactions.
The breach purportedly enabled anyone in possession of the data to find the real identity of digital currency owners and the amount they own. In a dedicated blog post, vpnMentor noted that although YouHodler stores password data, it uses a SHA-256 hash which is a robust encryption algorithm that is difficult to break. The post further stressed the possible impact of the data breach, saying:
“The nature of the data that leaked from YouHodler’s database could have serious consequences. Any platform that stores credit card data should be taking several security precautions. If YouHodler only stored the BIN and last four digits of user credit cards, there wouldn’t be as much of an impact in this regard.”
VpnMentor discovered the leak in YouHodler’s database as part of its web-mapping project, wherein vpnMentor’s researchers examined ports to find known IP blocks and went on to look for holes in the system that would signify an open database. vpnMentor writes that it contacted YouHodler on the issue on July 22 and YouHodler responded on July 23 that they closed the breach.
Earlier this week, Cointelegraph reported that database issues at the Swedish digital currency exchange QuickBit resulted in a breach of sensitive data of 2% of its users, including personal data such as names, addresses, email addresses and card information.