←back to thread

I have recordings proving Coinbase knew about breach months before disclosure

(jonathanclark.com)
685 points jclarkcom | 2 comments | 16 Nov 25 20:18 UTC | HN request time: 0s | source
Show context
fragmede ◴[16 Nov 25 21:37 UTC] No.45948638[source]
My Coinbase account got caught up in this and I'm so glad I used something like coinbase_jridi46@example.com as my email address with them because emails to that address can be treated as hostile in the wake of the breach. if I'd just used coinbase@example.com as my email address with them, I'd be fucked.
replies(1): >>45948953 #
immibis ◴[16 Nov 25 22:17 UTC] No.45948953[source]
Why couldn't you treat coinbase@example.com as hostile?
replies(1): >>45955504 #
fragmede ◴[17 Nov 25 17:01 UTC] No.45955504[source]
because it's guessable. If I sign up with Coinbase@example.com, real Coinbase will send me legitimate emails to that address, as well as scammers, so I have to dig into the headers to make sure the email is or isn't forged.
replies(1): >>45959351 #
1. immibis ◴[17 Nov 25 22:53 UTC] No.45959351[source]
Once the Coinbase database is leaked, that's going to be the case no matter what your address was.
replies(1): >>45977786 #
2. fragmede ◴[19 Nov 25 10:06 UTC] No.45977786[source]
yes but I can be sure that coinbase_xyz@ is from evil while coinbase_abc@ (the new address that I changed it to, post-leak) is probably not from the hackers unless there was a second breach.