
410 points gpi | 2 comments
skybrian No.43997650
Blog post is here:

https://www.coinbase.com/blog/protecting-our-customers-stand...

> We will reimburse customers who were tricked into sending funds to the attacker due to social engineering attacks. If your data was accessed, you have already received an email from no-reply@info.coinbase.com; all notifications went out at 7:20 a.m. ET on 5/15 to affected customers.

gkoberger No.43997943
The no-reply is an interesting decision. I get how difficult it is to run a company like Coinbase (their biggest strength, centralized + customer support, is also what enables this social engineering), but feels like an odd choice.
1. sh34r No.43998168
Their "customer support" includes not expecting users to set up PGP to communicate with them. Email is not a secure method of communication by default.

It's fine to send a notification instructing them to visit the secure portal for more info, though. Hence, no-reply.

2. gkoberger No.43998183
Yeah, I totally understand it!