Hello Markets CRM data still publicly available to all as security breach continues after company stated it had been resolved

Last week, FinanceFeeds reported that Hello Markets CRM data, including the intellectual property of all affiliates, is fully available to the public by simply following a few steps involving copying and pasting a URL. We approached Hello Markets, who stated that they had resolved it; however, the problem still prevails.


At the end of last week, FinanceFeeds reported that, following a series of tests conducted by FinanceFeeds in conjunction with several affiliates and white label partners of platform provider Hello Markets, the company’s CRM data had been publicly available and displayed the entire databases of affiliates by just copying and pasting a URL.

As a result, we discovered that all affiliates could access the data of brokerages which are white label brands of this particular platform provider / market maker without any restriction whatsoever.

Hence, brands which use this platform risk having their own intellectual property displayed publicly, which in turn means that other brands could simply copy and paste it into their own databases.

FinanceFeeds has studied this in detail, and has performed several tests with regard to this, as well as drawing on the experience of several affiliates.

Both FinanceFeeds and the affiliates that we approached were able to replicate this several times, in a very simple copy/paste action relating to some of the source code from the Hello Markets platform which can be simply exported and pasted to a different part of the portal, exposing every CRM record in the system.

Upon testing this to a significant enough degree to realize that it is indeed an issue, FinanceFeeds raised the matter with Hello Group, the parent company of the Hello Markets platform.

At the time, we approached the company’s Senior Marketing Manager Khaled Slim, who is also head of Hello Markets’ Cyprus office, and during that particular interaction with the company, FinanceFeeds provided a full set of data and stages by which Hello Markets itself was able to replicate this.

Mr. Slim explained to FinanceFeeds that this would be investigated immediately, and shortly afterwards explained “We are very grateful for this having been pointed out, and have now taken it to our developers who have rectified it without delay.”

“Hello Group is absolutely committed to ensuring complete data security, hence this matter has now been completely resolved and we assure all affiliates and customers that there is no longer any ability to access such data” he concluded.

At that time, in the interests of attempting to assist Hello Markets in resolving the matter and mitigating any consequences to its clients, FinanceFeeds agreed with Mr. Slim not to publish the procedure that we discovered which reveals the data of all affiliates, in the agreement that the entire matter had been resolved.

However, this week, FinanceFeeds, again with the assistance of affiliates using the Hello Markets platform, has been consistently able to replicate this security error over and over, which confirms that it has not been resolved at all, and that the security breach still exists.

This is a grave situation in that it could simply be a lack of due diligence on the part of developers and testers, which of course does happen in any software development environment from time to time, or it could be a lack of will to resolve the matter.

In the interests of investigative journalistic ethics, FinanceFeeds took this matter up once again with Hello Markets, providing 24 hours for a corporate statement on the matter, and demonstrating that this matter has not been rectified, despite the company’s statement to FinanceFeeds last week having been adamant that it was resolved.

No reply was forthcoming from Hello Markets to our request for an explanation as to why this matter was not resolved.

 
