←back to thread

Coinbase says hackers bribed staff to steal customer data, demanding $20M ransom

(www.cnbc.com)
410 points gpi | 1 comments | 15 May 25 15:52 UTC | HN request time: 0.24s | source
Show context
neilv ◴[15 May 25 16:07 UTC] No.43996445[source]
The article keeps saying overseas employees or contractors, but isn't more specific on who Coinbase entrusted with this sensitive customer PII.

The bottom line is Coinbase didn't adequately secure sensitive customer information, and it was leaked.

Not, "Gosh, 'overseas' people, what can ya do?"

replies(12): >>43996466 #>>43996524 #>>43996557 #>>43996649 #>>43996661 #>>43996746 #>>43997312 #>>43997316 #>>43997530 #>>43997817 #>>43997825 #>>43998830 #
kragen ◴[15 May 25 16:19 UTC] No.43996557[source]
It's probably hard to keep call-center workers bribe-proof.
replies(9): >>43996618 #>>43996626 #>>43996651 #>>43996654 #>>43996807 #>>43997178 #>>43997271 #>>43997359 #>>43997458 #
codegeek ◴[15 May 25 17:19 UTC] No.43997178[source]
Let me add to your statement. It is hard to keep call center workers bribe-proof WHEN they are paid peanuts AND they are working for a company that is in an extremely high risk business of managing crypto.
replies(1): >>43997329 #
volkk ◴[15 May 25 17:33 UTC] No.43997329[source]
correct, but what's the alternative? they're paid peanuts because it's not exactly the kind of job you ever pay out the wazoo for. the only thing that comes to mind if I'm Brian Armstrong is going all in on AI bots that can get to 90% of the way there (maybe 95%) and then have domestic based humans that are paid more with (presumably) a less probability of being bribed. but realistically, the only way to stop something like this is going 100% AI bots but then that comes at the expense of customer satisfaction, and also bots that are exploitable through prompt manipulation.

alternatively limit the roles and what the offshore people are able to do, but then any escalation means domestic people, which brings us back to "well at that point just use AI to automate easy tasks"

replies(2): >>43997449 #>>43997542 #
1. egeozcan ◴[15 May 25 17:44 UTC] No.43997449[source]
Normally payment should follow the amount of power/responsibility. If you pay someone peanuts but they have root access to prod, then you should pay more or restrict their credentials. Same applies to being able to access PII.