←back to thread

I have recordings proving Coinbase knew about breach months before disclosure

(jonathanclark.com)
685 points jclarkcom | 3 comments | 16 Nov 25 20:18 UTC | HN request time: 0s | source
Show context
chaps ◴[16 Nov 25 20:59 UTC] No.45948347[source]
Once did some programming/networking work for a company that did the networking of a office sharing building that Coinbase was running out of. Early in my work there I noticed that the company had its admin passwords written on a whiteboard -- visible from the hallway because they had glass for walls. So I sent them an email to ask that they remove it (I billed them for it).

Their fix was to put a piece of paper over the passwords.

What a time.

replies(4): >>45948409 #>>45948413 #>>45950978 #>>45970370 #
bhawks ◴[17 Nov 25 05:08 UTC] No.45950978[source]
That is a great ancedote.

Not saying it is untrue, but it is definitely true that Coinbase has never lost customer funds while operating in an environment with 0 safety nets and being one of the most lucrative targets.

This leak over customer data suggests that they should treat that with as much obsession as they do with their private keys.

replies(2): >>45951247 #>>45954021 #
1. chaps ◴[17 Nov 25 14:45 UTC] No.45954021[source]
Your post reads like something a lawyer would write to convey something that while (maybe) technically true, misses the point by a hundred miles.
replies(1): >>45954693 #
2. bhawks ◴[17 Nov 25 15:54 UTC] No.45954693[source]
Yeah you're right, Coinbase is definitely insecure as evidenced by this.

The fact that lax security has never caused them to loose billions of dollars of customer funds is just luck and paper covering passwords on a whiteboard.

replies(1): >>45954896 #
3. chaps ◴[17 Nov 25 16:11 UTC] No.45954896[source]
Yeah. Lots of stuff exposed stuff out there can stay exposed for quite a long time without being targeted or noticed. I've found quite a bunch and usually all it takes is... looking. Just one of those weird things about the modern world.