Link copied 
Cryptocurrency loan startup YouHodler has reportedly exposed reams of private financial data including credit card information and various user transactions after it forgot to protect its server with a password.
Researchers Noam Rotem and Ran Locar uncovered the database leak as part of their web-mapping project and traced the data back to YouHodler, according to a blog post by vpnMentor.
The database contained 86 million lines of daily updating records of the lending platform, including logs and computer demands based on users’ interactions on the front-end website.
Exposed data included enough information to carry out fraudulent card purchases, such as names, credit card numbers, card verification numbers, and expiration dates.
Banking information was also included in the breach, like email addresses, birthdays, phone numbers, home addresses, bank accounts, SWIFT codes, and transaction amounts. Even passport details and passwords hashed with SHA-256 were also entirely unencrypted.
The database also reportedly stored “The amount of information included in the database makes stealing a user identity a simple task,” Roten and Lucar told TechCrunch.
YouHodler, which has served more than 3,500 customers and provided over $10 million in loans, took the database offline after it was notified.
Although YouHolder responded on the breach and said that the exposed files “did not contain any sensitive information and no one was affected,” the research team provided screenshots of the data to support their claims.
“The first example shows that we still found all of the details needed to take full control of the card – including CVV numbers,” the team said.
“We are sure that all security settings are checked and renewed, and there’s no vulnerabilities in our systems,” the company stated, adding that it plans to implement two-factor authentication and email verification and to work with its partners Cloudflare and IdentityMind to prevent such breach from happening again.
Just recently, cryptocurrency exchange Bitpoint Japan said it will compensate the estimated 50,000 users who lost their assets following a recent hacking attack with cryptocurrency.
