Exclusive: Affiliates able to access databases of ALL Hello Markets brands and CRM data in massive security breach

Hello Group’s CRM data is publicly available and displays the entire databases of affiliates by just copy pasting a URL. We tested this extensively and raised it with Hello Group, which has now confirmed that it has resolved the issue completely

When providing white label solutions to brands, as is the case of a number of smaller retail FX brokerages that either do not have the resources or the business direction to invest in their own servers and infrastructure, as well as the entire OTC binary options business, the security of data is paramount.

Equally important is the security of client information, for a number of reasons, one in particular being the increasing number of hacking activity that has made it easy to obtain username and password information from trading accounts in order to gain access and make successful withdrawals, another being an internal issue in which in some cases, leads are obtained by former employees of binary options firms selling databases to their future employers, or establishing lead selling business in order to recycle the intellectual property of firms from which they have stolen it.

Security, therefore, is vital these days to protect against several potentially damaging factors.

Thus, it is vitally important that CRM data is encrypted and cannot be accessed from the outside, however according to research by FinanceFeeds, one particular firm has a vast security issue in that its CRM data is completely viewable in the public domain.

As a result, all affiliates can access the data of brokerages which are white label brands of this particular platform provider / market maker without any restriction whatsoever.

Hence, brands which use this platform risk having their own intellectual property displayed publicly, which in turn means that other brands could simply copy and paste it into their own databases.

The brand in question is Hello Markets in Cyprus.

FinanceFeeds has studied this in detail, and has performed several tests with regard to this, as well as drawing on the experience of several affiliates.

Both FinanceFeeds and the affiliates that we approached were able to replicate this several times, in a very simple copy/paste action relating to some of the source code from the Hello Markets platform which can be simply exported and pasted to a different part of the portal, exposing every CRM record in the system.

Upon testing this to a significant enough degree to realize that it is indeed an issue, FinanceFeeds raised the matter with Hello Group, the parent company of the Hello Markets platform.

Speaking today to Senior Marketing Manager Khaled Slim, who is also head of the company’s Cyprus office, FinanceFeeds provided a full set of data and stages by which the company itself was able to replicate this.

Mr. Slim explained to FinanceFeeds that this would be investigated immediately, and shortly afterwards explained “We are very grateful for this having been pointed out, and have now taken it to our developers who have rectified it without delay.”

“Hello Group is absolutely committed to ensuring complete data security, hence this matter has now been completely resolved and we assure all affiliates and customers that there is no longer any ability to access such data” he concluded.

On the company’s website, it states “Your Back Office is fully encrypted thanks to our Security Token. Safety is key, and the Hello Group team of experts knows that all too well. The new Token is a security device which is sure to upgrade the access safety of your website’s back office to unprecedented levels.”

It is vital to make absolutely certain that when taking a white label solution, despite the well recognized cost advantages over establishing an independent brokerage, the security of your own data is maintained, as that, after all is the intrinsic value of your business.

 

Read this next

Retail FX

Stephen Kalayjian launches educational and community platform TradeEZ

TradeEZ has partnered with online broker TradeZero to provide chart overlays that can be accessed on the TradeZero platform. In the future, the firm will be looking to partner with some of the largest firms around the world.

Retail FX

LiteFinance launches new mobile app on Google Play

The mobile app allows users to trade and copy professional traders’ positions and gain access to trading chat rooms.

Technology

ECXX taps OneTick for data management and analytics

OneTick is asset class-agnostic and currently has customers across FX, equities, futures, CFDs, FI, and options.

Industry News

$1.5 million: SEC fines BNY Mellon Investment Advisor for misstatements and omissions about ESG

Investors are increasingly focused on ESG considerations when making investment decisions.

Digital Assets

Mercuryo reaches 3 million users amid crypto payments’ US and Asia expansion

“The opportunities for linking crypto and fiat currencies are abundant. From crypto projects that require fiat solutions (like fiat on and off ramps and IBANs), through to crypto for traditional fiat systems, and solutions for fintech companies that enable clients to buy or sell crypto within their own infrastructure.”

Retail FX

Maltese watchdog warns of bogus broker Perfect Choice Trade

The Malta Financial Services Authority (MFSA), the regulator responsible for the oversight of the forex  sector in the Mediterranean island, today issued a warning against a forex broker that offers its services without having the authorization to do so.

Digital Assets

Dukascopy warns of fake website impersonating its cryptocurrency

Switzerland’s forex bank and broker, Dukascopy, today warned against a fraudulent website that have been falsely claiming affiliation with its ‎authorized brand.‎

Uncategorized

Freetrade raises £30 million to fund business expansion

Freetrade, which calls itself a challenger stockbroker, has raised £30 million in debt financing led by a clutch of existing investors.

Digital Assets

Crypto assets under management at lowest point since July 2021

Crypto investment products registered outflows for a second consecutive week, the bulk of which came from bitcoin funds, according to data from digital asset manager CoinShares.

<