6,000 accounts wiped out at Coinbase MFA exploit
The Coinbase exchange was exposed to a security exploit after attackers managed to circumvent the company’s multi-factor authentication (MFA) in a coordinated campaign earlier this year.
The attackers were steal Cryptocurrency from 6,000 accounts, although the total amount of damage was not disclosed, according to a report by Bleeping Computer. Earlier this week, Coinbase informed affected customers that the theft took place between March and May.
To gain access to the accounts, the attackers would need to know the email addresses, passwords and phone numbers of the affected users. It is not clear how they got this information, although scams against stock exchange users are not uncommon. However, Coinbase has identified a vulnerability in the account recovery process that attackers are exploiting to gain access:
“In this incident, a third party for customers who used SMS messages for two-factor authentication exploited a vulnerability in Coinbase’s SMS account recovery process to obtain a verification code and gain access to the account. Pick up the user’s account too. ”
Coinbase has been heavily criticized for its poor customer service. Customers who had their accounts hacked and lost all of their funds could not reach the support staff, resulting in thousands of complaints against the company.
Coinbase’s initial public offering started in April with a valuation of $ 86 billion, but the company failed to grow its customer care department enough. In August, the company announced a new support line for customers whose accounts have been compromised.
Join Bitcoin Magazine Telegram to keep track of news and comment on this article: https://t.me/coincunews
According to Cointelegraph