QuickBit, a Swedish cryptocurrency exchange listed on the NGM Nordic MTF market, allegedly leaked 300,000 customer records via an unprotected MongoDB database. The exchange confirmed the event in a series of updates on their investor relations board.

The leak, detailed by security researcher Paul Bischoff, first came to light after security aggregator Shodan noted the existence of the open database. QuickBit said that an outside contractor left the data unprotected while attempting a security upgrade.

A translated excerpt from their report:

QuickBit has recently adopted a third-party system for supplementary security screening of customers. In connection with the delivery of this system, it has been on a server that has been visible outside QuickBits firewall for a few days, and thus accessible to the person who has the right tools.

During the delivery period, a database has been exposed with information about name, address, e-mail address and truncated (not complete) card information for approximately 2% of QuickBit’s customers.

Bischoff wrote that the QuickBit team pulled the database on or about July 3 after receiving notice that it was open. The records contained full names, addresses, email addresses, user gender, and dates of birth. QuickBit said it exposed no passwords or social security numbers and that no cryptocurrency keys leaked.

Image via Comparitech.

“In addition to those records, we also discovered 143 records with internal credentials, including merchants, secret keys, names, passwords, secret phrases, user IDs, and other information,” wrote Bischoff.

The company went public on July 11 with a market cap of about $22 million. We reached out to QuickBit for further comment. “Data security is of utmost importance for QuickBit,” they wrote. “We will publish a public version of the incident report on our website shortly.”

https://twitter.com/ngmexchange/status/1149294305678434304

QuickBit image via Twitter

Disclaimer Read More

The leader in blockchain news, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups.

This article is intended as a news item to inform our readers of various events and developments that affect, or that might in the future affect, the value of the cryptocurrency described above. The information contained herein is not intended to provide, and it does not provide, sufficient information to form the basis for an investment decision, and you should not rely on this information for that purpose. The information presented herein is accurate only as of its date, and it was not prepared by a research analyst or other investment professional. You should seek additional information regarding the merits and risks of investing in any cryptocurrency before deciding to purchase or sell any such instruments.