I have recordings proving Coinbase knew about breach months before disclosure

(jonathanclark.com)

685 points jclarkcom | 1 comments | 16 Nov 25 20:18 UTC | HN request time: 0s | source

Show context

AlexErrant ◴[16 Nov 25 20:54 UTC] No.45948315[source]▶

Here's a Reuters report from June 2, which includes a link to a May 14 SEC filing:

> Cryptocurrency exchange Coinbase knew as far back as January about a customer data leak at an outsourcing company connected to a larger breach estimated to cost up to $400 million, six people familiar with the matter told Reuters.

https://www.reuters.com/sustainability/boards-policy-regulat...

> On May 11, 2025, Coinbase, Inc., a subsidiary of Coinbase Global, Inc. (“Coinbase” or the “Company”), received an email communication from an unknown threat actor claiming to have obtained information about certain Coinbase customer accounts, as well as internal Coinbase documentation, including materials relating to customer-service and account-management systems.

https://www.sec.gov/Archives/edgar/data/1679788/000167978825...

replies(2): >>45948341 #>>45948492 #

j-bos ◴[16 Nov 25 21:20 UTC] No.45948492[source]▶

>>45948315 #

> an outsourcing company

From what I've seen, this is going to be a common subheading to a lot of these stories.

replies(1): >>45950970 #

johnebgd ◴[17 Nov 25 05:06 UTC] No.45950970[source]▶

>>45948492 #

Business process outsourcing firm most likely (BPO). They get contracts for every kind of company you’ve ever heard of, lie about their cybersecurity practices, and then rebrand if they get caught.

replies(1): >>45953303 #

ChrisMarshallNY ◴[17 Nov 25 13:19 UTC] No.45953303{3}[source]▶

>>45950970 #

Sound like rich targets for hacking.

replies(1): >>45960730 #

1. Hobadee ◴[18 Nov 25 02:27 UTC] No.45960730{4}[source]▶

>>45953303 #

Why go through the time and effort of hacking them when you can apparently just slip them some money and get what you want?

↑