Thread: Coinbase customer data stolen after company's foreign reps bribed, allows hackers to then phish customers via personal data acquired

  1. #1
    Owner Dan Druff's Avatar

    What a fucking mess.

    I've said for years that the US should make it ILLEGAL for foreign reps to work customer service jobs for any kind of finance or healthcare job, as they end up handling sensitive data with no possible oversight or consequence for misuse.

    Now the chickens have come home to roost.

    Coinbase employed cut-rate foreign customer service reps. Some of these reps were then bribed to give up a lot of Coinbase customer data to hackers, who then turned around to phish these customers in order to steal their funds.

    Their statement, while likely at least partially factual, is filled with nonsense such as "We will pursue the harshest penalties possible" against the foreign-based attackers.

    https://twitter.com/coinbase/status/1922967577568985185


    Here is the full webpage about the matter: https://www.coinbase.com/en-ca/blog/...-extortionists

    Supposedly "less than 1% of customers" had their data stolen. At that point, the hackers phished these customers using the data they had acquired from the theft, and convinced many of them to send their crypto. Once this occurred, the hackers then demanded $20m ransom out of Coinbase, which they refused to pay.

    Exposed customer data included name/address/phone #/email, last 4 of social, government ID images (such as driver's license), and entire Coinbase account data.

    The hackers were not able to access the Coinbase accounts of these people, because passwords were not compromised. The only customers who lost money were the ones who were tricked into sending out their crypto. Coinbase promises to reimburse these people.


    The egregious part of this story is the fact that not only did they hire foreign customer service reps with full access to customer data, but these reps apparently had enough access to copy/paste almost 1% of all customer data to the hackers. This means these reps did have some sort of access to the raw data. It doesn't even have to be this way. They could be restricted to only access data given to them based upon customer input, such as needing an email address of the customer and other personal info to look anything up.

    This was a huge hole in security, and has other potential implications. Imagine if you're holding millions or tens of millions in crypto on Coinbase. Do you want some third-world employees being able to look this up, and then contact friends in the US to extort it out of you in some way? The possibilities are endless.

    With all the money Coinbase makes, they couldn't spring for US-based reps?

    There is just about zero chance anyone here is brought to justice, unless they happen to live within the US, Canada, or an EU country.
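
The restriction suggested in the post above (reps can only pull up a record using details the customer supplies), sketched as an added example that is not part of the original post and not Coinbase's code. The record fields, the `SupportDesk` class and the per-shift threshold are assumptions; the sample records are constructed.

```python
import hmac
from collections import defaultdict

# Constructed sample records; field names are assumptions for this sketch.
CUSTOMERS = {
    "alice@example.com": {"name": "Alice A.", "phone": "555-0101",
                          "ssn_last4": "1234", "id_image": "img-ref-1"},
    "bob@example.com": {"name": "Bob B.", "phone": "555-0102",
                        "ssn_last4": "5678", "id_image": "img-ref-2"},
    "carol@example.com": {"name": "Carol C.", "phone": "555-0103",
                          "ssn_last4": "9012", "id_image": "img-ref-3"},
}
SUPPORT_VIEW = ("name",)       # fields a rep may see; ID images never leave
MAX_DISTINCT_PER_SHIFT = 2     # hypothetical threshold, set low for the demo


class LookupDenied(Exception):
    pass


class SupportDesk:
    """Deliberately has no list, search or export method."""

    def __init__(self, customers):
        self._customers = customers
        self._seen = defaultdict(set)  # rep_id -> distinct customers this shift
        self.alerts = []               # rep_ids escalated for review

    def lookup(self, rep_id, email, phone_last4):
        key = email.strip().lower()
        rec = self._customers.get(key)
        expected = rec["phone"][-4:] if rec else ""
        match = hmac.compare_digest(expected.encode(), phone_last4.encode())
        if rec is None or not match:
            # Same error for unknown email and wrong phone: no enumeration.
            raise LookupDenied("no record matches the supplied details")
        self._seen[rep_id].add(key)
        if len(self._seen[rep_id]) > MAX_DISTINCT_PER_SHIFT:
            self.alerts.append(rep_id)
            raise LookupDenied("shift lookup limit exceeded; escalated")
        return {field: rec[field] for field in SUPPORT_VIEW}
```

A rep behind this interface can help the caller on the line but cannot enumerate or bulk-copy accounts, and an unusual number of distinct lookups is both blocked and recorded for review.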


  2. #2
    Plutonium Sanlmar's Avatar
    A perfect vehicle for ma and pa’s 401K. Let’s put Coinbase in the SP500 ✅

  3. #3
    Plutonium sonatine's Avatar
    "Birds born in a cage think flying is an illness." - Alejandro Jodorowsky

    "America is not so much a nightmare as a non-dream. The American non-dream is precisely a move to wipe the dream out of existence. The dream is a spontaneous happening and therefore dangerous to a control system set up by the non-dreamers." -- William S. Burroughs

  4. #4
    Plutonium sonatine's Avatar
    https://twitter.com/LordofBathrobes/status/1923055152031838599




    btw i haven't been keeping up on this but i wonder if lapsus$ is involved. they basically pioneered the bribe-for-access model.

  5. #5
    Platinum FRANKRIZZO's Avatar
    I recently got a phishing email from Gemini saying they were going bankrupt because of a data breach and I should withdraw funds to another wallet. Bart Hansen posted the email also.

  6. #6
    Plutonium sonatine's Avatar
    Quote Originally Posted by FRANKRIZZO View Post
    I recently got a phishing email from Gemini saying they were going bankrupt because of a data breach and I should withdraw funds to another wallet. Bart Hansen posted the email also.

    god i just put 2 and 2 together; i'm getting sooooo many sloppy SMS phishing attempts pretending to be coinbase lately.

  7. #7
    Plutonium sonatine's Avatar

  8. #8
    Flashlight Master desertrunner's Avatar
    I got out of crypto, but still have a Coinbase account with not much cash in it. No notifications yet.

  9. #9
    Owner Dan Druff's Avatar
    If there's a silver lining here, it will perhaps be that this is a wakeup call to the public regarding the dangers of foreign customer service centers handling US financial accounts.

    Hopefully this doesn't get forgotten and swept under the rug. Reform is needed immediately -- not just in the world of crypto exchanges, but also banks, credit bureaus, data brokers, healthcare providers, insurance companies, and any other company which handles financial or healthcare data.

    If Dell and HP still want their tech support in India, that's fine. But Coinbase? Get the fuck outta here.

  10. #10
    Plutonium sonatine's Avatar
    Quote Originally Posted by Dan Druff View Post
    If there's a silver lining here, it will perhaps be that this is a wakeup call to the public regarding the dangers of foreign customer service centers handling US financial accounts.

    Hopefully this doesn't get forgotten and swept under the rug. Reform is needed immediately -- not just in the world of crypto exchanges, but also banks, credit bureaus, data brokers, healthcare providers, insurance companies, and any other company which handles financial or healthcare data.

    If Dell and HP still want their tech support in India, that's fine. But Coinbase? Get the fuck outta here.

    the only rallying cry i'm seeing is libertarian fruitcakes saying "i told you KYC was going to get us all killed"

     
    Comments
      
      garrett: Shut up idiot, you wouldn't know where to look

  11. #11
    Owner Dan Druff's Avatar
    Quote Originally Posted by sonatine View Post
    Quote Originally Posted by Dan Druff View Post
    If there's a silver lining here, it will perhaps be that this is a wakeup call to the public regarding the dangers of foreign customer service centers handling US financial accounts.

    Hopefully this doesn't get forgotten and swept under the rug. Reform is needed immediately -- not just in the world of crypto exchanges, but also banks, credit bureaus, data brokers, healthcare providers, insurance companies, and any other company which handles financial or healthcare data.

    If Dell and HP still want their tech support in India, that's fine. But Coinbase? Get the fuck outta here.

    the only rallying cry i'm seeing is libertarian fruitcakes saying "i told you KYC was going to get us all killed"
    That's sad.

    Sometimes I think people are too passionate about stupid shit, yet they miss the obvious abuses occurring right in front of our faces.

  12. #12
    Platinum FRANKRIZZO's Avatar
    I bank with Chase and get switched to Malaysian support all the time. Past couple of times they were actually able to help me. Was watching the Knicks game, they had a Coinbase banner on both hoops, loled.
