←back to thread

Coinbase says hackers bribed staff to steal customer data, demanding $20M ransom

(www.cnbc.com)
410 points gpi | 1 comments | 15 May 25 15:52 UTC | HN request time: 0.199s | source
Show context
neilv ◴[15 May 25 16:07 UTC] No.43996445[source]
The article keeps saying overseas employees or contractors, but isn't more specific on who Coinbase entrusted with this sensitive customer PII.

The bottom line is Coinbase didn't adequately secure sensitive customer information, and it was leaked.

Not, "Gosh, 'overseas' people, what can ya do?"

replies(12): >>43996466 #>>43996524 #>>43996557 #>>43996649 #>>43996661 #>>43996746 #>>43997312 #>>43997316 #>>43997530 #>>43997817 #>>43997825 #>>43998830 #
kragen ◴[15 May 25 16:19 UTC] No.43996557[source]
It's probably hard to keep call-center workers bribe-proof.
replies(9): >>43996618 #>>43996626 #>>43996651 #>>43996654 #>>43996807 #>>43997178 #>>43997271 #>>43997359 #>>43997458 #
bombcar ◴[15 May 25 16:26 UTC] No.43996626[source]
Call center workers who have access PII and financial abilities should probably be vetted a little bit better.
replies(1): >>43996653 #
kragen ◴[15 May 25 16:28 UTC] No.43996653[source]
How are you going to vet people to find out if they're vulnerable to bribery? Offer them a bribe during their probationary period, during which they only have access to fake customer data?
replies(1): >>43996686 #
bombcar ◴[15 May 25 16:31 UTC] No.43996686[source]
You can do a background check, but the reality of the matter is that you pay citizens a living wage to do the work instead of offshore it into a country that pays pennies.

Bank tellers can take thousands out of the vault at any time and yet it seems it’s not a very big issue.

replies(4): >>43996716 #>>43997036 #>>43997321 #>>44003857 #
1. Maxatar ◴[15 May 25 17:32 UTC] No.43997321[source]
Bank tellers do steal money from the banks they work for though and banks invest a significant amount of resources and have a lot of policies to prevent it.

For example at many banks the teller might need to get manager approval for some cash withdrawals, even for seemingly smaller amounts of money. Despite what it may seem, it's not because of some distrust towards the client but a safeguard against internal fraud.