←back to thread

Coinbase says hackers bribed staff to steal customer data, demanding $20M ransom

(www.cnbc.com)
410 points gpi | 1 comments | 15 May 25 15:52 UTC | HN request time: 0.202s | source
Show context
thepasswordis ◴[15 May 25 16:40 UTC] No.43996769[source]
The problem is that it seems like the data that leaked is also the data that would be used to do account recovery.

And what that means is that

1) If you lose access to your account (through either your own fault, or coinbases fault) that the process of recovering it may not be so straightforward anymore.

2) Hackers can try to “recover” accounts now using this leaked info.

This is a huge problem. What coinbase needs are IRL offices where you can go and do things like account recovery, and where people trying to steal money can be caught and prosecuted (and makes a huge barrier for the overseas thieves who are usually doing this)

The only solution here is: hardware 2 factor like yubikeys.

replies(9): >>43996798 #>>43998374 #>>43998426 #>>43999299 #>>43999324 #>>43999430 #>>43999499 #>>43999782 #>>44001348 #
SimianSci ◴[15 May 25 19:21 UTC] No.43998374[source]
The Crypto industry continues their speedrun of rediscovering all of the reasons for why the global financial system exists.

What you've described is the same thing that many Crypto enthusiasts call a "Bank"

replies(3): >>43998471 #>>43999321 #>>43999346 #
knowitnone ◴[15 May 25 19:33 UTC] No.43998471[source]
except banks staff can easily be bribed too. There is plenty of bank fraud happening.
replies(3): >>43998520 #>>43998829 #>>43999576 #
suzzer99 ◴[15 May 25 20:10 UTC] No.43998829[source]
If my bank money gets stolen from me via fraud (unless I literally just Zelle the scammer), I get it back. That's the big difference.
replies(2): >>44001390 #>>44005810 #
1. SoftTalker ◴[16 May 25 02:45 UTC] No.44001390[source]
Zelle is ultimately a bank transfer. Yes they say to consider them like sending cash, but a bank transaction is at least tracable to a real account owner, who could then be pursued in the case of fraud, and it well might be reversible if push came to shove or if there is documented fraud.