ADVERTISEMENT

Data leak at fintech giant reveals staff calling clients ‘idiots’

Direct Trading Technologies, an international fintech company, jeopardized over 300K traders by leaking their sensitive data and trading activity, thereby putting them at risk of an account takeover.

DTT data leak

Image by Cybernews

Paulina Okunytė
Paulina Okunytė Senior Journalist
Jan 30, 2024 Updated: 30 January 2024 2 min read
Directory listing
Directory listing. Source: Cybernews
Account activity data
Account data. Source: Cybernews

Sensitive data leaked

emails
Leaked emails. Source: Cybernews
ADVERTISEMENT
  • Trading account activity
  • Contents of emails sent by DTT
  • User IP addresses, emails, usernames, and plaintext passwords
  • Notes on outreach calls
  • Names
  • Email addresses
  • Phone numbers
  • Home addresses
  • Hashed passwords
  • Database endpoints and plaintext credentials of white-label customers (endpoints were protected by IP whitelists)
  • Locations where KYC documents are stored, filenames, types, expiration dates, and other metadata
outreach team comment
Outreach team's comments. Source: Cybernews

Potential takeover of financial accounts

Users data
Users' data. Source: Cybernews
operators log in history
Operators' login history and plaintext passwords. Source: Cybernews
White label
White label service user data. Source: Cybernews
ADVERTISEMENT