410 points gpi | 1 comments
J0nL ◴[] No.43999084[source]
I'm having déjà vu here. If they only found out when they attempted to extort them, does it mean they don't even bother to log employee access? Is there any means for accountability at all internally?

It would be so simple to have access tracking and flag or lock out rogue employees... I look forward to seeing what the golden parachutes look like.

fckgw ◴[] No.43999433[source]
Looking at their blog post, it seems like they paid customer support agents to hand over sensitive data. The attackers did not have access to any agent accounts themselves, and the customer service agents were accessing data they were already privileged to anyways.

https://www.coinbase.com/blog/protecting-our-customers-stand...

1. throitallaway ◴[] No.43999539[source]
It makes me wonder what type of access support agents have in the first place. A lot of this information should require "unlocking" on a case-by-case basis by challenge/response while interacting with a customer.
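
An added example, not part of the thread or of any Coinbase system: a sketch of the per-case "unlock" by challenge/response suggested above, combined with the access tracking and flagging raised earlier in the thread. The `SupportVault` class, its method names, the 300-second TTL and the flag threshold are all hypothetical.

```python
import hmac, secrets, time

UNLOCK_TTL = 300  # seconds an unlock stays valid (assumed value)

class SupportVault:
    """Hypothetical store: sensitive fields stay locked until the customer
    on the call proves presence by reading back a one-time code."""

    def __init__(self, records, clock=time.time):
        self.records = records   # customer_id -> sensitive data
        self.clock = clock
        self.pending = {}        # (agent, customer) -> one-time code
        self.unlocked = {}       # (agent, customer) -> expiry time
        self.audit = []          # (time, agent, customer, event)

    def _log(self, agent, customer, event):
        self.audit.append((self.clock(), agent, customer, event))

    def issue_challenge(self, agent, customer):
        # The return value stands in for out-of-band delivery to the customer
        # (app push, SMS); the agent only learns it if the customer reads it out.
        code = f"{secrets.randbelow(10**6):06d}"
        self.pending[(agent, customer)] = code
        self._log(agent, customer, "challenge_issued")
        return code

    def respond(self, agent, customer, response):
        code = self.pending.pop((agent, customer), None)  # single use
        ok = code is not None and hmac.compare_digest(code, response)
        if ok:
            self.unlocked[(agent, customer)] = self.clock() + UNLOCK_TTL
        self._log(agent, customer, "unlock_granted" if ok else "unlock_failed")
        return ok

    def read(self, agent, customer):
        # Access is scoped to one agent and one customer, and it expires.
        if self.unlocked.get((agent, customer), 0) > self.clock():
            self._log(agent, customer, "read")
            return self.records[customer]
        self._log(agent, customer, "read_denied")
        return None

    def flagged_agents(self, threshold=3):
        # Agents with repeated denied reads or failed unlocks get flagged.
        counts = {}
        for _, agent, _, event in self.audit:
            if event in ("read_denied", "unlock_failed"):
                counts[agent] = counts.get(agent, 0) + 1
        return sorted(a for a, n in counts.items() if n >= threshold)
```

Because every read, denial and failed unlock lands in the audit list, an agent browsing records with no customer on the line shows up as a run of `read_denied` events rather than as silent, already-privileged access.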