Affiliates able to access databases of ALL Hello Markets brands and CRM data in massive security breach

Andrew Saks-McLeod reports:

When providing white label solutions to brands, as is the case of a number of smaller retail FX brokerages that either do not have the resources or the business direction to invest in their own servers and infrastructure, as well as the entire OTC binary options business, the security of data is paramount.

[…]

it is vitally important that CRM data is encrypted and cannot be accessed from the outside, however according to research by FinanceFeeds, one particular firm has a vast security issue in that its CRM data is completely viewable in the public domain.

As a result, all affiliates can access the data of brokerages which are white label brands of this particular platform provider / market maker without any restriction whatsoever.

Hence, brands which use this platform risk having their own intellectual property displayed publicly, which in turn means that other brands could simply copy and paste it into their own databases.

The brand in question is Hello Markets in Cyprus.

 

FinanceFeeds engaged in responsible and the problem has been addressed. But is there any evidence that the flaw was exploited and data acquired by unauthorized individuals? FinanceFeeds doesn’t seem to have put that question to Hello Group or obtained any statement from them on that point, and Hello Markets does not seem to provide any email contact address for inquiries of this kind.

Read more on FinanceFeeds.

About the author: Dissent