Read full article at Crypto News.

... reported, citing a Coinbase notification to customers.

Coinbase confirmed to Cryptonews.com that the notification is authentic.

In either case, on September 27, the exchange also confirmed that between April and early May 2021, their security team “observed a significant uptick in Coinbase-branded phishing messages targeting users of a range of commonly used email service providers.” Back then, the exchange said that “in a small number of cases they were able to use that information to impersonate the user, receive an SMS two-factor authentication code, and gain access to the Coinbase customer account.” However, no specific numbers were provided.

Meanwhile, per BleepingComputer, to conduct the attack, the attackers needed to know the customer’s email address, password, and phone number associated with their Coinbase account and have access to the victim’s email account. 

Also, Coinbase states a vulnerability existed in their SMS account recovery process, allowing the hackers to gain the SMS two-factor authentication token needed to access a secured account, the report said. Customers’ personal information was also exposed, including their full name, email address, home address, date of birth, IP addresses for account activity, transaction history, account holdings, and balances, it added.

Per the notification, Coinbase is depositing funds in affected accounts equal to the stolen amount and some customers have already been reimbursed.

Also, the exchange encouraged their clients to:

- Use a form of two-factor authentication stronger than SMS, such as a time-based one-time password (TOTP) or a hardware security key,
- Change the password on your Coinbase account to a new, strong, and unique password that you do not use on any other site,
- Monitor your personal accounts and free credit reports for any suspicious activity, consistent with best practices, for the next 12-24 months.
 
