Coinbase Accidentally Recorded Unencrypted Passwords of 3,420 Users

By Katelyn James | August 19, 2019

3,420 Coinbase users have recently received an email in which a signup error was informed by the exchange. Coinbase announced that some of users’ registration details were revealed in clear text on the logs of Coinbase’s internal server. 

Specifically, some users’ credentials were saved during server error. When users encountered this error, their registration would be denied. However, Coinbase still record their credentials, including username, email address, proposed password and state of residence for United States-based users.

According to Coinbase blog post, the platform has successfully fixed the bug, and said that user data was not “improperly accessed, misused, or compromised.” 

All 3,420 users have submitted a new registration application, using the same password. Coinbase could determine this since the password hash would match the earlier password hash saved from the failed signup attempt. The exchange also announced that they have informed all affected users, as well as reassured that the data recorded in their logging system were safe. 

Earlier, hackers have reportedly exploited a zero-day glitch in Firefox system to attack high-profile crypto exchange Coinbase. The critical zero-day security flaw, which was discovered on Mozilla’s Firefox web browser on June 18th, was actually a part of 2 simultaneously appeared zero-day vulnerabilities, with its primary targets are individuals working for Coinbase.

Tags: , ,

Related Articles