Exclusive: Affiliates able to access databases of ALL Hello Markets brands and CRM data in massive security breach
Hello Group’s CRM data is publicly available and displays the entire databases of affiliates by just copy pasting a URL. We tested this extensively and raised it with Hello Group, which has now confirmed that it has resolved the issue completely
When providing white label solutions to brands, as is the case of a number of smaller retail FX brokerages that either do not have the resources or the business direction to invest in their own servers and infrastructure, as well as the entire OTC binary options business, the security of data is paramount.
Equally important is the security of client information, for a number of reasons, one in particular being the increasing number of hacking activity that has made it easy to obtain username and password information from trading accounts in order to gain access and make successful withdrawals, another being an internal issue in which in some cases, leads are obtained by former employees of binary options firms selling databases to their future employers, or establishing lead selling business in order to recycle the intellectual property of firms from which they have stolen it.
Security, therefore, is vital these days to protect against several potentially damaging factors.
Thus, it is vitally important that CRM data is encrypted and cannot be accessed from the outside, however according to research by FinanceFeeds, one particular firm has a vast security issue in that its CRM data is completely viewable in the public domain.
As a result, all affiliates can access the data of brokerages which are white label brands of this particular platform provider / market maker without any restriction whatsoever.
Hence, brands which use this platform risk having their own intellectual property displayed publicly, which in turn means that other brands could simply copy and paste it into their own databases.
The brand in question is Hello Markets in Cyprus.
FinanceFeeds has studied this in detail, and has performed several tests with regard to this, as well as drawing on the experience of several affiliates.
Both FinanceFeeds and the affiliates that we approached were able to replicate this several times, in a very simple copy/paste action relating to some of the source code from the Hello Markets platform which can be simply exported and pasted to a different part of the portal, exposing every CRM record in the system.
Upon testing this to a significant enough degree to realize that it is indeed an issue, FinanceFeeds raised the matter with Hello Group, the parent company of the Hello Markets platform.
Speaking today to Senior Marketing Manager Khaled Slim, who is also head of the company’s Cyprus office, FinanceFeeds provided a full set of data and stages by which the company itself was able to replicate this.
Mr. Slim explained to FinanceFeeds that this would be investigated immediately, and shortly afterwards explained “We are very grateful for this having been pointed out, and have now taken it to our developers who have rectified it without delay.”
“Hello Group is absolutely committed to ensuring complete data security, hence this matter has now been completely resolved and we assure all affiliates and customers that there is no longer any ability to access such data” he concluded.
On the company’s website, it states “Your Back Office is fully encrypted thanks to our Security Token. Safety is key, and the Hello Group team of experts knows that all too well. The new Token is a security device which is sure to upgrade the access safety of your website’s back office to unprecedented levels.”
It is vital to make absolutely certain that when taking a white label solution, despite the well recognized cost advantages over establishing an independent brokerage, the security of your own data is maintained, as that, after all is the intrinsic value of your business.