
422 points gpi | 1 comments
J0nL No.43999084
I'm having déjà vu here. If they only found out when they attempted to extort them, does it mean they don't even bother to log employee access? Is there any means for accountability at all internally?

It would be so simple to have access tracking and flag or lock out rogue employees... I look forward to seeing what the golden parachutes look like.

1. vasusen No.43999940
I built the admin panel used by internal employees and contractors at a major fintech payments processor (PCI Level 1). We had to add multiple levels of safety once we decided to hire a team outside of our US office, including logging, monitoring and also rate-limiting (ask for manager to approve if more than 5 full details requests, etc.). I think these requirements are much more stringent due to PCI-DSS standards for credit card processors. I wonder if a lack of such standards in crypto makes the companies holding customer funds more lax.
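
The control described in the comment above (log every lookup, then require manager approval past 5 full-details requests), sketched as an added example that is not part of the thread and not any company's code. The class and method names, the 24-hour window and the in-memory audit log are assumptions made for illustration.

```python
import time
from collections import defaultdict, deque

FULL_DETAIL_LIMIT = 5          # from the comment: more than 5 needs approval
WINDOW_SECONDS = 24 * 3600     # assumption: the comment gives no time window

class AccessGate:
    """Hypothetical gate: logs every full-details request, caps volume per employee."""

    def __init__(self, limit=FULL_DETAIL_LIMIT, window=WINDOW_SECONDS):
        self.limit, self.window = limit, window
        self.audit_log = []                    # in-memory here; ship to append-only storage
        self._recent = defaultdict(deque)      # employee -> timestamps of granted lookups
        self._approved = {}                    # employee -> (manager, extra lookups left)

    def approve(self, employee, manager, extra, now=None):
        """Manager grants `extra` further lookups; self-approval is refused."""
        now = time.time() if now is None else now
        ok = manager != employee and extra > 0
        if ok:
            self._approved[employee] = (manager, extra)
        self._log(now, manager, "approve", employee, "granted" if ok else "refused")
        return ok

    def request_full_details(self, employee, customer_id, now=None):
        """Return 'granted' or 'needs_approval'; denied attempts are logged too."""
        now = time.time() if now is None else now
        recent = self._recent[employee]
        while recent and now - recent[0] >= self.window:
            recent.popleft()                   # drop grants that fell out of the window
        if len(recent) < self.limit:
            decision = "granted"
        elif employee in self._approved:
            manager, left = self._approved.pop(employee)
            if left > 1:                       # keep the remainder of the approval
                self._approved[employee] = (manager, left - 1)
            decision = "granted"
        else:
            decision = "needs_approval"
        if decision == "granted":
            recent.append(now)
        self._log(now, employee, "full_details", customer_id, decision)
        return decision

    def _log(self, ts, actor, action, target, outcome):
        self.audit_log.append({"ts": ts, "actor": actor, "action": action,
                               "target": target, "outcome": outcome})
```

Repeated `needs_approval` and `refused` entries in the audit log are the events worth alerting on, since they show an account pushing against the limit.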