Security is a long-standing topic in the world of crypto, and this latest story proves it’s not likely to let up anytime soon. The cryptocurrency loan startup You Hodler is being reprimanded for allegedly exposing hundreds to thousands of credit card numbers for nearly a month without the security of a password.
Why Didn’t You Hodler Take Greater Precautions?
Customers who provided financial information to the company did so through an unprotected server, meaning their information was vulnerable – at least temporarily – to hackers and other malicious actors looking to get their hands on unmarked data. You Hodler claims to have provided more than $10 million in cryptocurrency loan funds thus far to nearly 4,000 customers.
Once it was discovered that the data was being leaked, executives went offline to prevent any further information from being exposed, but by that time several weeks had gone by, and there’s no telling who may have been compromised in the process. It is estimated that as many as 86 million lines of credit and financial data streams were housed on the site, including information regarding every loan that ever went through.
Researchers who went through the site said they had found enough data for hackers to commit fraudulent transactions, including full names, credit card numbers and verification numbers (CVVs), expiration dates and the amounts of past purchases. Researchers claim that none of the data had been encrypted.
In addition, several other records were pulled up such as banking data (including account and routing numbers), SWIFT codes and the addresses of all participating parties. Some of the records also included phone numbers and the passport numbers of those involved. At press time, it is alleged that You Hodler has secured all necessary data.
It is surprising that this kind of leak occurred considering the issues that arise in the cryptocurrency space. Recently, a federal judge announced that he would allow a multi-million-dollar case to proceed against cell phone provider AT&T, as the company did not do enough to protect a user’s identity against hackers.
The culprit ultimately stole several million dollars’ worth of crypto funds belonging to digital asset entrepreneur and investor Michael Terpin, who claims that his SIM card was “swapped out” with the aid of an AT&T employee who was bribed into giving the hacker his information.
This Has Happened Before…
In addition, several other companies were discovered to have exposed their customers’ private data, including the Fortune 500 company Tech Data. Several private messages and customer records were exposed recently through executives’ use of J Crush, a Jewish dating app, and through the cell network Freedom Mobile.
Other data leaks have also occurred through retail sites like Gearbest and Aavgo, which provided an “open forum” regarding former customers’ hotel stays.