←back to thread

Coinbase says hackers bribed staff to steal customer data, demanding $20M ransom

(www.cnbc.com)
410 points gpi | 6 comments | 15 May 25 15:52 UTC | HN request time: 0s | source | bottom
Show context
thepasswordis ◴[15 May 25 16:40 UTC] No.43996769[source]
The problem is that it seems like the data that leaked is also the data that would be used to do account recovery.

And what that means is that

1) If you lose access to your account (through either your own fault, or coinbases fault) that the process of recovering it may not be so straightforward anymore.

2) Hackers can try to “recover” accounts now using this leaked info.

This is a huge problem. What coinbase needs are IRL offices where you can go and do things like account recovery, and where people trying to steal money can be caught and prosecuted (and makes a huge barrier for the overseas thieves who are usually doing this)

The only solution here is: hardware 2 factor like yubikeys.

replies(9): >>43996798 #>>43998374 #>>43998426 #>>43999299 #>>43999324 #>>43999430 #>>43999499 #>>43999782 #>>44001348 #
SimianSci ◴[15 May 25 19:21 UTC] No.43998374[source]
The Crypto industry continues their speedrun of rediscovering all of the reasons for why the global financial system exists.

What you've described is the same thing that many Crypto enthusiasts call a "Bank"

replies(3): >>43998471 #>>43999321 #>>43999346 #
knowitnone ◴[15 May 25 19:33 UTC] No.43998471[source]
except banks staff can easily be bribed too. There is plenty of bank fraud happening.
replies(3): >>43998520 #>>43998829 #>>43999576 #
1. victorbjorklund ◴[15 May 25 21:38 UTC] No.43999576[source]
Can you show us that? Where the consumer is left with no money at all and bank does not take the loss.
replies(1): >>44000958 #
2. hiatus ◴[16 May 25 01:18 UTC] No.44000958[source]
Go Zelle someone and try to get the money back.
replies(2): >>44002259 #>>44017214 #
3. xeromal ◴[16 May 25 06:06 UTC] No.44002259[source]
When I was "hacked" two years ago, their final hurrah before I finally got everything offline for a time, they sent zelles as much as they could and was able to recover it without any loss on my end.
replies(1): >>44004393 #
4. hiatus ◴[16 May 25 12:03 UTC] No.44004393{3}[source]
I guess things have changed since it has not always been the case that the bank would reimburse you.

https://www.nytimes.com/2022/03/06/business/payments-fraud-z...

replies(1): >>44005026 #
5. xeromal ◴[16 May 25 13:07 UTC] No.44005026{4}[source]
Yeah, I think it truly depends on whether you hit the send button or not. Since I was hacked, it wasn't me hitting the send button.
6. victorbjorklund ◴[17 May 25 21:44 UTC] No.44017214[source]
If YOU are the one sending the money of course it is not a hack etc becuase YOU are sending it. If Zelle is hacked and someone steals your money through that hack you will not be left with the loss.