Coinbase Suffers From Information Bug That Exposed User Passwords

Coinbase Invests In $4.3 Million in Crypto Derivatives Exchange Blade

Coinbase, one of the most popular US-based cryptocurrency exchanges, revealed that it suffered from a system bug that “resulted in some registration details being stored in clear text in our internal web server logs.”

The issue occurred via its sign-in page, in which users emails and passwords would be exposed. However, the Coinbase team is sure the information wasn’t abused and that the problem is fixed, they still advise everyone to change their passwords. In fact, the platform is making sure to send emails to customers affected, around 3,500 victims, to be exact.

A summary of what happened, via a Coinbase blog post:

“Under a very specific and rare error condition, the registration form on our signup page wouldn’t load correctly, which meant that any attempt to create a new Coinbase account under those conditions would fail. Unfortunately, it also meant that the individual’s name, email address, and proposed password (and state of residence, if in the US) would be sent to our internal logs.”

The post goes on, stating that if a user had reloaded the sign-up page before putting their information in it, their info would have stayed secure. “However, in the 3,420 instances referenced above, the user successfully registered using a password with a hash that matched the one previously logged,” it reads.

Coinbase then explains what they did after finding out:

“After we identified and fixed the bug, we traced back all the places where these logs might have ended up. We have an internal logging system hosted in AWS, as well as a small number of log analysis service providers. Access to all of these systems is tightly restricted and audited. A thorough review of access to these logging systems did not reveal any unauthorized access to this data. Additionally, we triggered a password reset for impacted customers, even though a password alone is not sufficient to access a Coinbase account — our device verification emails and mandatory 2FA mechanisms would both have been triggered and blocked any unauthorized login attempts.”

Overall, the team ends the post discussing the high standards they have for themselves, on top of their process for following up with their subsidiaries any time something goes wrong.

Top brokers for buying and trading cryptocurrencies

  • Platform
  • Features
  • Rating
  • Visit Site
  • US-Friendly
  • Paypal accepted
  • 12+ cryptocurrencies

Visit Site
75% of retail investors lose money.
eToro Reviews

    eToro Reviews your account
    Hide eToro Reviews
    • Best broker for non-US countries
    • Trade crypto CFDs, forex and stocks
    • No withdrawal or deposit fees

    Visit Site
    80.5% of retail investors lose money.
    Plus500 Reviews

      Plus500 Reviews your account
      Hide Plus500 Reviews
      Remember, all trading carries risk. Past performance is no guarantee of future results.

      Cryptocurrency and games writer. Looking to the future by studying how these two industries can blend.