Sweden-based cryptocurrency exchange QuickBit has confirmed an alleged data leak of customer records in an update to its blog. According to the exchange, an outside contractor left customer data unprotected while carrying out a security upgrade on QuickBit’s servers. This negligent behavior affected roughly 2 percent of the exchange’s customers, the post explains.
“QuickBit has recently adopted a third-party system for supplementary security screening of customers,” according to the exchange. “In connection with the delivery of this system, it has been on a server that has been visible outside QuickBits firewall for a few days, and thus accessible to the person who has the right tools.”
The data leak was first reported by cybersecurity firm Comparitech and researcher Bob Diachenko earlier this month. The duo revealed the existence of an unprotected database that was accessible online. According to the researchers, customer records such as names, email addresses, social security numbers and even private keys were left unprotected in the database. QuickBit has now refuted these claims, stating that sensitive details such as private keys, account passwords and social security numbers weren’t affected.