Fintech Giant Data Leak Exposes Client Data, Raises Security Concerns

A cybersecurity breach at Direct Trading Technologies (DTT), a major fintech company, has exposed the sensitive data of over 300,000 traders, leaving them vulnerable to account takeover and other attacks.

The leak, discovered by Cybernews researchers, involved a misconfigured web server containing backups and development code linked to DTT.

Critical information compromised:

  • Email addresses and plaintext passwords (potentially employee passwords)
  • Hashed passwords for trader accounts on the DTT platform
  • Partial credit card details, home addresses, and phone numbers for some clients
  • Locations of Know Your Customer (KYC) documents and other metadata
  • White-label service client credentials, including database locations and commission percentages
  • Internal comments from the outreach team, including derogatory remarks about clients

Potential consequences:

  • Account takeover: Leaked data can be used to gain unauthorized access to trader accounts and steal funds.
  • Phishing and identity theft: Personal information can be used to launch targeted phishing attacks or commit identity theft.
  • Malware and credential stuffing: Leaked IP addresses and credentials can be used for further attacks.

Concerns around white-label service:

  • The leak could impact clients of other firms using DTT’s white-label service, although additional steps would be needed for attackers to access their databases.

Lessons learned:

  • This incident highlights the importance of robust cybersecurity measures for fintech companies handling sensitive financial data.
  • Traders are prime targets due to the potential value in their accounts, making them especially vulnerable to cyberattacks.
  • Companies offering white-label services need to implement additional security measures to protect client data.

Additional notes:

  • The information about leaked passwords should be handled with caution, avoiding specific details to prevent misuse.
  • The derogatory remarks by the outreach team raise ethical concerns and should be addressed by the company.

Author

  • I am a computer engineer from Pune University. I have a passion for technical/software blogging. I have written blogs in the past on SaaS, Microservices, Cloud Computing, DevOps, IoT, Big Data & AI. Currently, I am blogging on Cybersecurity as a hobby.
