Security researchers have discovered a data breach that exposed 86 million records of the crypto loan platform YouHodler.
According to vpnMentor’s security experts, the breach has exposed a massive amount of sensitive data.
The leaked data included personal information ranging from full names to phone numbers and email addresses, and financial information such as credit card numbers, CVVs, and full banking details. In some cases, crypto wallet addresses were also exposed in the breach.
The researchers have discovered the data breach by analyzing IP ports as part of a web mapping project. After confirming the leak, vpnMentor has contacted YouHodler that has since fixed the issue.
According to the security researchers, the YouHodler the aftermath of the YouHodler data leak could be serious for crypto lenders and borrowers of the platform.
In light of the vpnMentor report, it seems that YouHodler has failed to encrypt most of the leaked data.
As the operators of the crypto lending platform have stored all credit card data in full, plain text – with CVVs and the rest of the credit card data stored in separately –, hackers could take advantage of the inadequate security practices of the lending platform by acquiring full control over the victims’ credit cards.
“Any platform that stores credit card data should be taking several security precautions. If YouHodler only stored the BIN and last four digits of user credit cards, there wouldn’t be as much of an impact in this regard,” the report reads.
According to vpnMentor, a data leak gets serious for the victims if their full addresses are exposed to hackers. But the case gets even more dangerous – like in the crypto lending platform’s situation – if the addresses are connected to financial information.
The researchers stated that YouHodlers residing in the US, Canada, UK, France, and Russia are affected by the breach.
Last modified: January 10, 2020 3:34 PM UTC