Cryptocurrency retailer QuickBit has inadvertently revealed hundreds of thousands of records, Comparitech reports. The company’s database was open to everyone to view, including users' personal and financial information.
According to Comparitech, records might have contained information about transactions. MongoDB database, containing such information, was made available to everyone with no authentication necessary.
The information included full names, addresses, emails, genders, profile levels and dates of birth. It also contained payment information—the type of credit card and first six and last four digits—as well as transaction information.
The database was public for approximately six days and was taken down less than 24 hours after Comparitech researcher Bob Diachenko reported the leak. If accessed by a malicious party, the data could be used for identity theft or phishing.
It remains unknown how many records were exposed or whether the breach affected any QuickBit users. The company claims its internal investigation shows “neither QuickBit nor the company’s customers have been harmed.”
What is more, “143 records with internal credentials, including merchants, secret keys, names, passwords, secret phrases, user IDs, and other information” have also been made public.
The information could be used by a bad agent to access users' account and make transactions.