The YouHodler cryptocurrency lending platform has exposed the privacy data, including crypto wallet addresses, of thousands of its cryptocurrency users, reports vpnMonitor.
The data breach is serious with widespread implications
vpnMentor and a team led by data scientists Noam Rotem and Ran Locar have discovered a major cryptocurrency data breach affecting 86 million records. The data resided in the YouHodler database system.
YouHodler provides cryptocurrency lending services. It also allows users to instantly convert crypto assets to US dollars or euros. In addition to Bitcoin, the lending platform supports BCH, ETH, LTC, XLM, XRP, DASH, REP, as well as other crypto-assets.
The YouHodler data breach exposed a massive amount of privacy data including full names, email addresses, addresses, phone numbers, birthdays, credit card numbers, CVV numbers, full bank details and crypto wallet addresses.
Investigators emphasized how serious and far-reaching the implications of the violation are. For example, YouHodler tagged CVV (Card Verification Value) credit card numbers as “identity.” And those CVV numbers were completely unencrypted.
In addition, investigators added,
“Here, we found the entire card number, stored in clear as well as the expiration date, but without the CVV number. However, the first example shows that we still found all the details needed to take full control of the card, including the CVV numbers.
The exposed data makes it possible to link the username to the address of the crypto wallet
Likewise, the full names, addresses and bank details of the users, such as account number and SWIFT code, were exposed. In some cases, records containing crypto wallet addresses have also been exposed. As a result, the investigators concluded,
“It was simple to link the above account to the Bitcoin wallet address. Although the content of crypto wallets is publicly available, it is intentionally anonymous. Linking a name and address to a wallet could have serious consequences. “
VpnMentor is a security research company that champions web privacy. He describes how the security team discovered the breach as follows:
“We found the leak in YouHodler’s database as part of our web mapping project. Ran and Noam examine the ports for known IP blocks. Once they discover IP blocks, they look for holes in the system that would indicate an open database. Using their technical expertise, they can confirm the identity of a leak to trace the data back to its owner.
Cryptocurrency lending services, such as YouHodler, had been widely adopted and had become a vital service for the crypto industry.
After vpnMentor contacted YouHodler on July 22, 2019, YouHodler reportedly closed the breach the next day.
Do you think YouHodler’s data breach will affect the uptake rate of crypto lending services? Please let us know in the comments below!
Images via vpnMonitor