Coinbase Accidentally Saves Unencrypted Passwords of 3,420 Customers

Published at: Aug. 16, 2019

Major crypto platform Coinbase has emailed 3,420 Coinbase customers to disclose an accident with customer registration. Some registration details were apparently stored in clear text on the logs of Coinbase’s internal server, with affected customers now required to change their passwords.

Coinbase announced the news in an official blog post on Aug. 16. According to the announcement, Coinbase has resolved the root cause of the bug and the platform is confident that stored data was not “improperly accessed, misused, or compromised.” 

Some users’ credentials were saved when a rare signup error occurred. When users encountered this error, Coinbase would deny their registration but still save their credentials, including username, email address, proposed password and state of residence for United States-based users.

Moreover, the announcement specified that the 3,420 individuals then submitted a new registration application, in which they used the same password. Coinbase was apparently able to determine this because the password hash would match the earlier password hash saved from the failed signup attempt.

Coinbase also reassured users that none of the data recorded in their logging system appears to have been accessed and that they have contacted all of the affected users. Per the announcement, Coinbase uses Amazon Work Station (AWS) for its internal logging, and it shares data with a few log analysis services. These analysis services, as well as AWS, are all audited, and access to the info is said to be tightly restricted.

Coinbase expands its custodial arm

As previously reported by Cointelegraph, Coinbase has expanded its custodial arm, Coinbase Custody, with the recent acquisition of crypto wallet Xapo’s industrial services. This recent acquisition has bumped up Coinbase’s assets under custody to $7 billion. According to the announcement, Coinbase Custody is now the largest crypto custodian by AUC in the world, with 120 clients spanning 14 different countries.

Tags
Blockchain
United States
Coinbase
Security
Amazon
Related Posts
Coinbase Launches USDC-Based Initiative to Support DeFi Developers
Cryptocurrency trading platform Coinbase has launched the new USDC Bootstrap Fund aimed at the improvement of Decentralized Finance (DeFi). As the company announced on Sept. 10, Coinbase set up the USDC Bootstrap Fund to support developers who build DeFi protocols by investing USD Coin (USDC) directly in the protocol. Coinbase and payment startup Circle jointly launched their own stablecoin USDC in September 2018. Bringing more liquidity to DeFi protocols Bringing more liquidity to some DeFi protocols ostensibly formed the main impetus behind the idea to establish the fund. Among possible investments, Coinbase named smart contracts, while returns are set to …
Blockchain / Sept. 10, 2019
Kraken and Coinbase Among the Cleanest Crypto Exchanges: BTI Report
The Blockchain Transparency Institute (BTI) has released its latest market surveillance report which states that Kraken and Coinbase are among the cleanest cryptocurrency exchanges in the industry. BTI cleans wash trading from exchanges’ volumes On Sept. 19, the Blockchain Transparency Institute published its 5th market surveillance report that verifies reporting of cryptocurrency exchange volumes. The BTI has been publishing reports since August 2018, and through its proprietary algorithm, BTI cleans all wash trading from exchanges’ volumes. The report states: “Since the start of 2019, global wash trading has reduced by 35.7% among the real Top-40 exchanges. The process of sharing …
Blockchain / Sept. 22, 2019
Amazon Wins Patents for Cryptography and Distributed Data Storage Solutions
E-commerce giant Amazon has won two patents related to methods for protecting the integrity of digital signatures and improving distributed data storage. The two patents were published by by the U.S. Patent and Trademark Office (USPTO) today, Nov. 13. The first patent document, first filed in April of this year, outlines a “signature delegation” method for “protecting the integrity of digital signatures and encrypted communications,” by allowing for the generation, distribution, validation, and revocation of one-time-use cryptographic keys. In the proposed system, these keys are arranged in what is known in cryptography as a “Merkle Tree” structure, which is a …
Blockchain / Nov. 13, 2018
Cybersecurity, Blockchain Firm WISeKey Acquires Interest in Data Infrastructure Firm
Switzerland-based blockchain, Internet of Things (IoT) and cybersecurity firm WISeKey has acquired a 22 percent interest in American data infrastructure firm Tarmin through a multi-million USD transaction, exact amount unspecified. The news was revealed in an official announcement from WISeKey on April 3. WISeKey focuses on creating digital identity ecosystems that implement blockchain, AI and IoT technology for people and smart device, while Tarmin develops scalable data and software defined infrastructure for high-volume data management and secure storage. WISeKey’s agreement to acquire a 22 percent interest in the latter had been signed in the fall of last year. The investment …
Decentralization / April 3, 2019
Former Twitch Senior Vice President of Marketing Joins Crypto Startup Kin as CMO
Former Twitch exec Matthew DiPietro has joined crypto startup Kin Ecosystem Foundation as chief marketing officer (CMO), PR Newswire reports September 18. After serving eight years as senior vice president at the popular live streaming platform Twitch, DiPietro will now be responsible for developing marketing and brand strategies for Kin, the cryptocurrency launched by Kik Interactive, as specified on the expert’s LinkedIn profile. According to PR Newswire, DiPietro drove brand development for Twitch, as well as led all marketing projects, including the launch of community convention TwitchCon that is devoted to Twitch and the culture of video game streaming. Having …
Blockchain / Sept. 19, 2018