←back to thread

Coinbase says hackers bribed staff to steal customer data, demanding $20M ransom

(www.cnbc.com)
410 points gpi | 1 comments | 15 May 25 15:52 UTC | HN request time: 0.24s | source
Show context
J0nL ◴[15 May 25 20:38 UTC] No.43999084[source]
I'm having de ja vu here. If they only found out when they attempted to extort them does it mean they don't even bother to log employee access? Is there any means for accountability at all internally?

It would be so simple to have access tracking and flag or lock out rogue employees... I look forward to seeing what the golden parachutes look like.

replies(3): >>43999239 #>>43999433 #>>43999940 #
1. lxgr ◴[15 May 25 20:53 UTC] No.43999239[source]
Logging and retroactive auditing seems like the very least they should do. Even asking the customer service agent to first provide identifying details of the customer they can't easily know or guess by themselves doesn't seem excessive, given the sensitivity of the information.

It won't work for 100% of all calls (what if the customer is locked out themselves etc.), but those calls can then be handled by even more closely monitored agents.

"Less than 1% of monthly transacting customers" means up to 1% were accessed – that seems very high, i.e. much higher than the number of customer service contacts I'd expect.