Swedish crypto exchange QuickBit recently confirmed that it had committed a major blunder: a data leak that could impact as many as 300,000 users of the platform. Customer data had essentially been placed in an unprotected database that was accessible to practically anyone.
The exchange made the confirmation in an investor relations update where it explained what had occurred. Among the data that was exposed is crucial private information such as names and addresses.
“QuickBit has recently adopted a third-party system for supplementary security screening of customers. In connection with the delivery of this system, it has been on a server that has been visible outside QuickBit’s firewall for a few days, and thus accessible to the person who has the right tools,” the update reads after translation.
“During the delivery period, a database has been exposed with information about name, address, e-mail address and truncated (not complete) card information for approximately 2% of QuickBit’s customers.”
Comparitech covers the incident in more detail and identifies the third-party platform as MongoDB. As tech investigator Paul Bischoff notes in his report, the details of the affected customers became “readable to anyone with an internet connection.”
It is worth pointing out that while 300,000 accounts were exposed, the number of users who have now become targets of malicious activity is still unknown. However, user data was not the only information compromised by this leak.
Bischoff also discovered that “143 records with internal credentials, including merchants, secret keys, names, passwords, secret phrases, user IDs, and other information” were exposed. The leak of these details currently presents a grave security threat for the exchange and its users. Responding to CoinDesk’s request for a comment, the exchange promised that it would provide a report on the incident.
“Data security is of utmost importance for QuickBit,” the exchange told the publication. “We will publish a public version of the incident report on our website shortly.”