- The report says almost 300,000 transaction records were exposed
- The incident was a result of a publicly available MongoDB which was on a server outside the QuickBit firewall
- The team says neither the company nor the clients have been harmed
The crypto space might be a safe haven in some ways when compared to traditional markets, but it does face some security issues every now then. From hacks to lack of vigilance, there can be multiple reasons why the confidential data of clients are at risk. Recently QuickBit, a Swedish cryptocurrency exchange operating on the NGM Nordic MTF market, announced on their website that they have leaked 300,000 customer records courtesy to an unprotected MongoDB database.
QuickBit customers doxxed
The MongoDB database containing transaction records was publicly available. Here are the important events that took place:
- June 28, 2019: The database was first indexed.
- July 2, 2019: The exposed data was discovered
- July 3, 2019: The MongoDB database in question was pulled offline.
- July 15th, 2019: QuickBit commenced a full internal security audit following our conversation.
- July 19th, 2019: QuickBit published a report for their shareholders and the market outlining the issue
QuickBit unwittingly has revealed customer data as their database was open for a while for anyone with the right tools to see. The announcement stated that the database contained personal data such as names, addresses, email addresses and card information of roughly 2% of its clientele. The announcement also mentioned that no passwords or social security numbers, complete account information, cryptocurrency or private keys, or any financial transactions were affected by this.
Coins safe, but customer data stolen
The firm first suspected that their database had been exposed on July 2 after the incident was brought to light by security aggregator Shodan. After confirming, they published an initial post on their investor relations board on July 19. The post stated that the company’s internal investigations team found out that both the company, as well as the customers, are unaffected by this incident. Later on that same day Jörgen Eriksson, managing director of QuickBit wrote that the external security team has warned them that there might have been some poorly protected data. A translated part of their report:
“QuickBit has recently adopted a third-party system for supplementary security screening of customers. In connection with the delivery of this system, it has been on a server that has been visible outside QuickBits firewall for a few days, and thus accessible to any person who has the right tools.
During the delivery period, a database has been exposed with information about name, address, e-mail address and truncated (not complete) card information for approximately 2% of QuickBit’s customers.”
The entire incident was detailed by security researcher Paul Bischoff who wrote that:
“In addition to those records, we also discovered 143 records with internal credentials, including merchants, secret keys, names, passwords, secret phrases, user IDs, and other information.”
QuickBit claims that their technical team has taken steps to ensure that all the servers are completely secure and are working to prevent any possibility of events similar to this. The company said they will be publishing a public report of the entire incident. An event of this nature can turn out to be really catastrophic because if this data falls into the wrong hands, thousands of people will be exposed to various security risks.