Crypto Exchange QuickBit’s Breach Spills Personal, Financial Records of 300K Users

Crypto Exchange Data Breach

QuickBit, a Swedish crypto exchange, has exposed over 300,000 personal records. These records contained personal and financial details about its users which could be accessed by anyone with an internet connection. QuickBit has made a name for itself with aims to provide means to purchase cryptocurrency efficiently and quickly, but the news of this data leak is surely going to stain that reputation.

The exposure was first detected by Comparitech and security expert Bob Diachenko July 2, 2019. Publicly available MongoDb database, which required no authentication, has been reported to be the root cause of the exposure. According to QuickBit’s recent statements, the data was left unprotected by an outside contractor who was in charge of a security upgrade.

The exposed data contained information about the personal transactions made by QuickBit’s customers who used credit cards to purchase cryptocurrency. It is still not known exactly how many Quickbit’s consumers have been affected by the leak or if any malicious party has copied the leaked content over the course of six days that it remained exposed.

According to QuickBit’s recent statement, none of its customers have been affected by this exposure. As QuickBit clearly stated:

“The company has immediately taken the necessary measures to secure the system concerned. Our own initial investigation shows that neither QuickBit nor the company’s customers have been harmed”.

QuickBit has reported that the exposed records didn’t leak any passwords, social security numbers or the cryptocurrency keys. However, the records contained some highly confidential and personal information such as full names, home addresses, consumer’s gender and dates of birth, email addresses, profile level, payment information and even the transaction amount.

143 Crypto Accounts Fully Exposed

Security researcher Paul Bischoff investigated the matter and said that along with these 300,000 records, 143 accounts have been made public with internal credentials that include names, passwords, secret phrases, user IDs merchants, secret key and for some, even more information. Access to such data could allow accounts to be completely viable to danger, and even make way for cybercrime.

Along with these stated credentials, first four and last four digits of credit cards were also compromised. Even though credit card frauds are not possible with just these numbers, it is still possible to extract further information from these digits.

QuickBit is bound to take a hit after this negligence. Users are being advised to change their passwords, or just switch accounts. We can only wait to fully understand the scope of the damage that has been done. Until then users are advised to keep a close eye on their accounts and quickly report if they encounter any irregularities.

What do you think about the article?

Sharing Is Caring: