←back to thread

Coinbase says hackers bribed staff to steal customer data, demanding $20M ransom

(www.cnbc.com)
410 points gpi | 4 comments | 15 May 25 15:52 UTC | HN request time: 0.659s | source
Show context
neilv ◴[15 May 25 16:07 UTC] No.43996445[source]
The article keeps saying overseas employees or contractors, but isn't more specific on who Coinbase entrusted with this sensitive customer PII.

The bottom line is Coinbase didn't adequately secure sensitive customer information, and it was leaked.

Not, "Gosh, 'overseas' people, what can ya do?"

replies(12): >>43996466 #>>43996524 #>>43996557 #>>43996649 #>>43996661 #>>43996746 #>>43997312 #>>43997316 #>>43997530 #>>43997817 #>>43997825 #>>43998830 #
voidspark ◴[15 May 25 16:28 UTC] No.43996649[source]
How can customer support operate without knowing anything about the customer?
replies(4): >>43996708 #>>43996714 #>>43996892 #>>43996992 #
1. browningstreet ◴[15 May 25 16:51 UTC] No.43996892[source]
You know how your bank asks you to verify details when you call?

Without the right details the customer support people don’t get entry into the customers account details.

Banks have been doing this for 30+ years..

replies(2): >>43997387 #>>44000593 #
2. udev4096 ◴[15 May 25 17:38 UTC] No.43997387[source]
Which is such a lame and flawed mechanism to avoid letting them access anyone's data. I mean what are you even trying to prove here? That banks care about customer's security when they can't even implement a secure 2FA which is not just an unencrypted text message

“Give a man a gun and he can rob a bank, but give a man a bank, and he can rob the world.”

replies(1): >>44000040 #
3. lavezzi ◴[15 May 25 22:31 UTC] No.44000040[source]
> I mean what are you even trying to prove here?

That there are more options than holding your hands up and arguing the company couldn't have done anything further in terms of implementing effective controls.

4. bcrosby95 ◴[16 May 25 00:10 UTC] No.44000593[source]
This also wouldn't be particularly difficult to implement.