←back to thread

Coinbase says hackers bribed staff to steal customer data, demanding $20M ransom

(www.cnbc.com)
410 points gpi | 8 comments | 15 May 25 15:52 UTC | HN request time: 0s | source | bottom
Show context
neilv ◴[15 May 25 16:07 UTC] No.43996445[source]
The article keeps saying overseas employees or contractors, but isn't more specific on who Coinbase entrusted with this sensitive customer PII.

The bottom line is Coinbase didn't adequately secure sensitive customer information, and it was leaked.

Not, "Gosh, 'overseas' people, what can ya do?"

replies(12): >>43996466 #>>43996524 #>>43996557 #>>43996649 #>>43996661 #>>43996746 #>>43997312 #>>43997316 #>>43997530 #>>43997817 #>>43997825 #>>43998830 #
kragen ◴[15 May 25 16:19 UTC] No.43996557[source]
It's probably hard to keep call-center workers bribe-proof.
replies(9): >>43996618 #>>43996626 #>>43996651 #>>43996654 #>>43996807 #>>43997178 #>>43997271 #>>43997359 #>>43997458 #
1. thepasswordis ◴[15 May 25 16:44 UTC] No.43996807[source]
[flagged]
replies(2): >>43996951 #>>43997124 #
2. kragen ◴[15 May 25 16:58 UTC] No.43996951[source]
You are writing this as if you know what countries Coinbase's call centers are located in and the role of organized crime in their economies, but you don't actually know either of those things.
replies(1): >>43997019 #
3. apercu ◴[15 May 25 17:03 UTC] No.43997019[source]
Lol, that's because while Coinbase emphasizes its commitment to security and compliance specific details about the geographic distribution of its offshore personnel are not disclosed in its public filings.
replies(2): >>43997042 #>>44000711 #
4. kragen ◴[15 May 25 17:05 UTC] No.43997042{3}[source]
My perspective was more "That's because you post contentious statements in public fora with no reason to believe that they are true, hoping to get a big reaction by offending people."
5. ivewonyoung ◴[15 May 25 17:13 UTC] No.43997124[source]
You mean like in the USA?

> ...bribed AT&T employees at a call center in Bothell, Washington, to "use their network credentials and exceed their authorized access to AT&T's computers to submit large numbers of fraudulent and unauthorized unlock requests on behalf of the conspiracy and to install malware and unauthorized hardware on AT&T's systems," according to the indictment.

https://abcnews.go.com/Politics/att-employees-bribed-1m-unlo...

replies(1): >>43997189 #
6. dttze ◴[15 May 25 17:20 UTC] No.43997189[source]
Not sure how bribing employees to unlock phones early is comparable to defrauding elderly people.
replies(1): >>43997331 #
7. ivewonyoung ◴[15 May 25 17:33 UTC] No.43997331{3}[source]
Read my comment further:

> ..install malware and unauthorized hardware on AT&T's systems

That's not as harmless as unlocking phones early. A major carrier that has access to texts, geolocations, and call logs being hacked like that is extremely concerning.

8. AustinDev ◴[16 May 25 00:30 UTC] No.44000711{3}[source]
The fact that offshore support is allowed to access KYC information for US-based customers should be against some sort of regulation.