QuickBit, a well-known Scandinavian exchange, has suffered a data breach involving about 300,000 customers. QuickBit is a Swedish based exchange listed on the NGM Nordic MTF market.
The leak concerns a MongoDB database that was not adequately protected during an update procedure. The data breach was confirmed by the exchange itself in a series of updates published on the official website.
It all started with the appearance of the database on the Shodan aggregator. This was noticed by a security expert working for an agency that scans the web for vulnerabilities and bugs.
These are the developments day by day:
- June 28th, 2019: The database appears on Shodan;
- July 2nd, 2019: The security agency detects the presence of the database and notifies the exchange by e-mail;
- July 3rd, 2019: The exchange puts the database offline;
- In the following days there was an exchange of e-mails with the request by the agency to the exchange to publish details of the incident;
- July 19th, 2019: The exchange publishes a first report on what happened.
QuickBit blames someone else
These are the words of the exchange in the report:
“QuickBit has recently adopted a third-party system for supplementary security screening of customers. In connection with the delivery of this system, it has been on a server that has been visible outside QuickBit’s firewall for a few days, and thus accessible to the person who has the right tools”.
During this period a database containing the following information: name, surname, sex, date of birth, e-mail address and some partial credit card information was displayed and shared online.
The exchange confirmed that neither passwords nor security keys were compromised.
Actually, the security expert who published his insights into the incident revealed that 143 records containing user IDs, passwords and secret phrases also appeared. This data could be used by malicious people to access the platform.
The exchange promised to publish a full report on what happened soon.