(www.cnbc.com)

410 points gpi | 5 comments | 15 May 25 15:52 UTC | HN request time: 0.838s | source

Show context

neilv ◴[15 May 25 16:07 UTC] No.43996445[source]▶

The article keeps saying overseas employees or contractors, but isn't more specific on who Coinbase entrusted with this sensitive customer PII.

The bottom line is Coinbase didn't adequately secure sensitive customer information, and it was leaked.

Not, "Gosh, 'overseas' people, what can ya do?"

replies(12): >>43996466 #>>43996524 #>>43996557 #>>43996649 #>>43996661 #>>43996746 #>>43997312 #>>43997316 #>>43997530 #>>43997817 #>>43997825 #>>43998830 #

voidspark ◴[15 May 25 16:28 UTC] No.43996649[source]▶

>>43996445 #

How can customer support operate without knowing anything about the customer?

replies(4): >>43996708 #>>43996714 #>>43996892 #>>43996992 #

1. ty6853 ◴[15 May 25 16:35 UTC] No.43996708[source]▶

>>43996649 #

A shared or hashed secret would do it.

Plenty of exchanges don't know their customers, and in fact that is how they get their customers.

replies(1): >>43996822 #

2. voidspark ◴[15 May 25 16:45 UTC] No.43996822[source]▶

>>43996708 (TP) #

No. Coinbase deals with fiat money, therefore subject to AML and KYC regulations.

replies(2): >>43996862 #>>43996872 #

3. kragen ◴[15 May 25 16:49 UTC] No.43996862[source]▶

>>43996822 #

That's not related to customer support, though. It's more like customer surveillance.

replies(1): >>43996916 #

4. ty6853 ◴[15 May 25 16:50 UTC] No.43996872[source]▶

>>43996822 #

The question was about customer support. AML and KYC regulations do not require that customer support persons know your PII. That can be kept firewalled from them.

5. ◴[15 May 25 16:54 UTC] No.43996916{3}[source]▶

>>43996862 #

↑

Coinbase says hackers bribed staff to steal customer data, demanding $20M ransom