Direct Trading Technologies (DTT), an international fintech enterprise, has compromised the security of more than 300,000 traders by inadvertently exposing their confidential information and trading histories, potentially exposing them to the risk of unauthorized account access.
On October 27th, the research team at Cybernews identified a misconfigured web server containing backups and development code believed to be associated with Direct Trading Technologies. The company, which operates globally and specializes in providing trading platforms for various financial instruments, including stocks, forex, precious metals, energies, indices, Contracts for Difference (CFDs), and cryptocurrencies, also extends its services through white-label solutions.
While its primary clientele is situated in Saudi Arabia, Direct Trading Technologies maintains offices in multiple countries, including the UK, Lithuania, UAE, Kuwait, Colombia, Turkey, Bahrain, Lebanon, and the Republic of Vanuatu. Within the identified directory, several database backups were found, each containing substantial amounts of sensitive information concerning the company's users and partners. The breach introduces a spectrum of potential risks, ranging from identity theft to the takeover and unauthorized withdrawal of funds from traders' accounts.
Upon discovery, Cybernews promptly notified the company of their findings. Although the identified issues were rectified, an official response from Direct Trading Technologies is still pending.
The leaked data encompasses the trading activities of more than 300,000 users spanning the last six years, including names, email addresses, correspondence sent by the company, and IP addresses. Notably, individuals using the company's email addresses, possibly employees, had their passwords exposed in plaintext. Hashed passwords for accessing user accounts on the DTT trading platform were also among the leaked information. Furthermore, certain clients had their home addresses, phone numbers, and partial credit card details exposed.
The comprehensive list of leaked data includes:
- Trading account activity
- Contents of emails sent by DTT
- User IP addresses, emails, usernames, and plaintext passwords
- Notes on outreach calls
- Names
- Email addresses
- Phone numbers
- Home addresses
- Hashed passwords
- Database endpoints and plaintext credentials of white-label customers (endpoints were protected by IP whitelists)
- Locations where KYC documents are stored, filenames, types, expiration dates, and other metadata
While the KYC documents themselves were not compromised, the leaked files disclosed the locations where the documents are stored and additional metadata.
The credentials of clients utilizing the white-label service were exposed in plaintext, alongside details regarding database locations and negotiated commission percentages. The leaked information also contained internal comments from the company's outreach team, including derogatory terms used to categorize certain clients in the company's system.
Given the rapid growth of the fintech industry, this breach serves as a stark reminder of the crucial importance of robust cybersecurity measures. Fintech companies, entrusted with managing highly sensitive customer data, become prime targets for threat actors, especially considering the substantial value held in traders' accounts.
With access to leaked data from a trading platform, attackers possess ample information to launch various malicious activities, including account takeovers, phishing, identity theft, and malware exploits based on leaked IPs. The potential threat is heightened by the fact that Direct Trading Technologies offers white-label services to numerous firms, storing credentials for clients' databases. While this could pose an additional threat, accessing these databases would require attackers to compromise a trusted network, adding an extra layer of complexity to the potential threat.