Swedish cryptocurrency exchange QuickBit has revealed that it has accidentally leaked 300,000 customer records through an unprotected MongoDB database.
The exchange, which is listed on the NGM Nordic MTF market, confirmed this situation through updates posted on their investor relations board.
According to security researcher Paul Bischoff, the breach was first discovered after security aggregator Shodan noticed that there was an open database. QuickBit stated that the outside contractor was going through a security upgrade at the time it left its data unprotected.
“QuickBit has recently adopted a third-party system for supplementary security screening of customers. In connection with the delivery of this system, it has been on a server that has been visible outside QuickBits firewall for a few days, and thus accessible to the person who has the right tools.
During the delivery period, a database has been exposed with information about name, address, e-mail address and truncated (not complete) card information for approximately 2% of QuickBit’s customers.”– read a passage from their report.
Bischoff stated that QuickBit pulled the database around July 3 after it was announced of its open status. The records stored the users’ full names, addresses, email addresses, gender, and dates of birth. Allegedly, no passwords, social security numbers or cryptocurrency keys were leaked.
“In addition to those records, we also discovered 143 records with internal credentials, including merchants, secret keys, names, passwords, secret phrases, user IDs, and other information,” said Bischoff.
QuickBit was publicly released on July 11, having a $22 million market cap.
“Data security is of utmost importance for QuickBit,” commented QuickBit on the matter. “We will publish a public version of the incident report on our website shortly.”
Featured Image: ComRent
Credit: Source link