Cryptocurrency loan site YouHodler exposed unencrypted user credit cards and transaction…

A cryptocurrency loan startup exposed reams of customer credit cards and user transactions for almost a month — because it forgot to protect the server with a password.

Security researchers Noam Rotem and Ran Locar found the database belonging to YouHodler, a lending platform designed for cryptocurrency, which claims to have processed $10 million in loans to more than 3,500 customers. The researchers shared their findings exclusively with TechCrunch, and to verify the authenticity of the data. The researchers also wrote up their findings.

Once the researchers reported the leaking data, the company pulled the database offline.

The database contained 86 million lines of daily updating records of the lending platform, containing streams of logs and computer commands based on users’ interactions on the front-end website. That also included sensitive information such as every time a transaction or a loan went through.

Among the records we reviewed, we found records with enough…