Gerchik Trading Ecosystem (GTE) finds itself amidst a alleged data breach incident.

The Gerchik Trading Ecosystem data breach, as reported by security researcher Volodymyr “Bob” Diachenko, has exposed a database encompassing the registration and personal particulars of users who participated in its online trading training programs between 2020 and 2022.

Upon investigation, it was observed that the data exposed in the Gerchik Trading Ecosystem data breach took the form of a JSON object, a widely used lightweight data interchange format.

This format is designed for easy readability by humans and seamless interpretation by machines. The dataset can be further segmented into user profiles and associated information.

Gerchik Trading Ecosystem data breach explained

This unprotected dataset contains a trove of information on approximately 166,000 prospective traders, including names, email addresses, contact numbers, encrypted passwords, IPs, geographic locations, logs, and more. 

Efforts to obtain an official statement or response from Gerchik Trading Ecosystem data breach are underway. The Cyber Express has reached out to the company to learn more about this Gerchik Trading Ecosystem data breach. 

However, at the time of writing this, no official response or statement had been received from the company. Consequently, the claims surrounding the Gerchik Trading Ecosystem data breach remain unverified.

Upon analyzing the exposed data, it becomes apparent that each user profile is marked with distinctive identifiers.

The userID field, for instance, is attributed the value 1672, suggesting a unique identifier for each user. Similarly, gerchickID, denoted as “1f6a-86b5-f1ec6e39c08e,” may signify an alternative type of user code.

Technical Analysis of Gerchik Trading Ecosystem Data Breach

The fields updatedAt, and createdAt feature dates are formatted according to the ISO 8601 standard. These are presumed to indicate the respective user profiles’ last update and creation dates.

Meanwhile, the password field, though present, conceals the actual value, hinting at its encryption or hashing for added security.

Additional details such as email addresses, first names, last names, and various registration-related parameters are also discernible within the dataset.

Elements like referrer, host, IP, city, language, timeZone, and userAgent offer insights into the user’s registration environment, ranging from referral sources to geographical locations.

Notably, the Gerchik Trading Ecosystem data breach does reveal some placeholders (“…”) or incomplete values in specific fields, indicating potential variations in real-world scenarios.

This is an ongoing story, and The Cyber Express will monitor the situation as it unfolds. We will update this post once we have more information on the Gerchik Trading Ecosystem data breach.

It’s crucial to note that this incident is more likely the result of an inadvertent glitch within the company’s data handling systems rather than a malicious act by a threat actor.

Volodymyr “Bob” Diachenko also states this, explaining that the EdTech company Gerchik Trading Ecosystem (GTE) unintentionally exposed a database containing crucial registration and personal data of users. 

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.