ob-thousands-of-coinbase-customers-using-mfa-flaw/”>reported, citing a Coinbase notification to customers.
Coinbase confirmed to Cryptonews.com that the notification is authentic.
In either case, on September 27, the exchange also confirmed that between April and early May 2021, their security team “observed a significant uptick in Coinbase-branded phishing messages targeting users of a range of commonly used email service providers.” Back then, the exchange said that “in a small number of cases they were able to use that information to impersonate the user, receive an SMS two-factor authentication code, and gain access to the Coinbase customer account.” However, no specific numbers were provided.
Meanwhile, per BleepingComputer, to conduct the attack, the attackers needed to know the customer’s email address, password, and phone number associated with their Coinbase account and have access to the victim’s email account.
Also, Coinbase states a vulnerability existed in their SMS account recovery process, allowing the hackers to gain the SMS two-factor authentication token needed to access a secured account, the report said. Customers’ personal information was also exposed, including their full name, email address, home address, date of birth, IP addresses for account activity, transaction history, account holdings, and balances, it added.
Per the notification, Coinbase is depositing funds in affected accounts equal to the stolen amount and some customers have already been reimbursed.
Also, the exchange encouraged their clients to:
Use even stronger than SMS-based two-factor authentication, such as time-based one-time password (TOTP) or a hardware security key,Change the password on your Coinbase account to a new, strong, and unique password that you do not use on any other site,Monitor your personal accounts and free credit reports for any suspicious activity,
consistent with best practices for the next 12-24 months.