[BreachExchange] Coinbase notifies 6,000 customers of data breach

[Sophia Kingsbury]

https://www.techcentral.ie/coinbase-notifies-6000-customers-of-data-breach/

Coinbase has sent out letters to 6,000 customers informing them of a data
breach that led to hackers wiping cryptocurrency accounts.

The letter was sent months after customers started complaining that their
accounts had been wiped, with CNBC reporting that the cryptocurrency
exchange platform, which has 68 million users, had been criticised for lack
of action regarding the heist.

Late last week, Coinbase confirmed that, between March and May 2021, 6,000
US customers had fallen victim to “a third party campaign to gain
unauthorized access to the accounts of Coinbase customers and move customer
funds off the Coinbase platform”.

The funds were transferred to crypto wallets unassociated with Coinbase,
the company stated in the letter, making the transactions impossible to
retract. Some customers reported losing even $168,000, according to CNBC.

Not only did the threat actors manage to steal hundreds of thousands worth
of cryptocurrency, but they also obtained personal information such as
“full name, e-mail address, home address, date of birth, IP addresses for
account activity, transaction history, account holdings, and balance”.

The hackers managed to exploit “a flaw in Coinbase’s SMS Account Recovery
process in order to receive an SMS two-factor (2FA) authentication token”.

However, in order to log in to users’ accounts, they would also need
information such as an e-mail address, password, and phone number
associated with the account, as well as access to customers’ email accounts.

Coinbase told the victims that it was “not able to determine conclusively
how these third parties gained access to this information”.

However, the company pointed to the probable “phishing attacks or other
social engineering techniques to trick a victim into unknowingly disclosing
login credentials to a bad actor”.

“We have not found any evidence that these third parties obtained this
information from Coinbase itself,” it stated in the letter, which was sent
around six months after the breach took place.

Victims of the heist will be reimbursed, Coinbase said, adding that “will
ensure all customers affected receive the full value of what [they] lost”.
Customers were asked to change their passwords to a stronger combination
that hasn’t been used on different sites.

The company is also working with law enforcement to investigate the issue,
describing the status of the investigation as “ongoing”.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20211004/cc5d37a7/attachment.html>