
410 points gpi | 3 comments
neilv ◴[] No.43996445[source]
The article keeps saying overseas employees or contractors, but isn't more specific on who Coinbase entrusted with this sensitive customer PII.

The bottom line is Coinbase didn't adequately secure sensitive customer information, and it was leaked.

Not, "Gosh, 'overseas' people, what can ya do?"

replies(12): >>43996466 #>>43996524 #>>43996557 #>>43996649 #>>43996661 #>>43996746 #>>43997312 #>>43997316 #>>43997530 #>>43997817 #>>43997825 #>>43998830 #
1. JumpCrisscross ◴[] No.43997530[source]
> Coinbase didn't adequately secure sensitive customer information, and it was leaked

Practically every company has someone with credentials who is in some combination of debt, a damningly-adulterous relationship, a damningly-illegal substance relationship and/or feels underappreciated or slighted compensationwise. The question is generally how much it costs.

replies(1): >>43997846 #
2. overfeed ◴[] No.43997846[source]
Which is exactly why insider threats should be explored as a threat-model and mitigated to make the blast radius as small as possible via PII sanitization, access controls, access monitoring, rate limiting, etc.
replies(1): >>44003870 #
3. mlrtime ◴[] No.44003870[source]
Which is what happened here, they didn't get 100% of data, only 1%.