Coinbase, a cryptocurrency exchange with over 100 million customers, has disclosed that cybercriminals working with rogue support agents stole customer data and demanded a $20 million ransom not to publish the stolen information.
The company said it would not pay the ransom but would establish a $20 million reward fund for any leads that could help find the attackers who coordinated this attack.
Good for you, Coinbase! You don’t want to pay, only to find out that the actor will go back on their word and do what happened to PowerSchool.
According to Coinbase, the attackers obtained this customer data with the help of contractors or support staff outside the U.S. who were paid to access internal systems. Coinbase fired the insiders after they were detected while accessing systems without authorization, but not before they exfiltrated information from those devices.
While the threat actors managed to steal a combination of personally identifiable information of up to 1% of Coinbase’s customer base (around 1 million individuals), they couldn’t steal customers’ private keys or passwords, and couldn’t access Coinbase Prime accounts and hot or cold wallets (belonging to affected customers or the crypto exchange).
According to a filing with the U.S. SEC, here’s what they know was taken:
- Name, address, phone, and email;
- Masked Social Security (last four digits only);
- Masked bank-account numbers and some bank account identifiers;
- Government-ID images (e.g., driver’s license, passport);
- Account data (balance snapshots and transaction history); and
- Limited corporate data (including documents, training material, and communications available to support agents).
According to the article, no passwords, private keys or funds were exposed in the breach. Those who were tricked into handing over funds will be reimbursed by Coinbase.
Because of the breach, they expect losses to be around $400 billion.
They are still trying to figure out what financial impact this will have on the company, which has recently been added to the U.S. Stock Exchange.
Coinbase added that it will open a new support hub in the U.S., reimburse affected customers tricked into sending funds to the attackers following social engineering attacks, and increase investments in insider-threat detection, security threat simulation, and automated response to prevent future breach attempts.
The company also advised customers to be suspicious of scammers impersonating Coinbase employees and attempting to trick them into transferring funds or asking them for sensitive information such as passwords or 2FA codes.
Be smart. If you do get a call, I’d play it smart and mention that the company should already have such info. If they claim they lost it, that probably isn’t true anyhow. Companies like Coinbase don’t just lose account data.
If you are a retail customer, this paragraph is for you.
“Coinbase will voluntarily reimburse retail customers who mistakenly sent funds to the scammer as a direct result of this incident prior to the date of this post, following a review to confirm the facts.”
While I’m a bit concerned and reached out to someone who knows more about these types of things, we may have to refer this to them come podcast time.
The fact that some of the data was masked is a good sign, but I question whether it’s necessary to keep all of it after it’s used to validate what they need to validate. This keeps being a pet peeve of mine which has never really been addressed by any major or minor company for that matter.
The article in question is titled “Coinbase data breach exposes customer info and government IDs,” if you are a customer and need to keep yourself updated.
Don’t expect a company like this to keep you abreast of what is going on; it isn’t like M&S and their excellent work in this process.
Thanks so much for reading, make it a great day!