Coinbase Says Some Employees' Information Stolen By Hackers

Crypto exchange Coinbase has confirmed that it was briefly compromised by the same attackers that targeted Twilio, Cloudflare, DoorDash, and more than a hundred other organizations last year. From a report: In a post-mortem of the incident published over the weekend, Coinbase said that the so-called '0ktapus' hackers stole the login credentials of one of its employees in an attempt to remotely gain access to the company's systems. 0ktapus is a hacking group that has targeted more than 130 organizations in 2022 as part of an ongoing effort to steal the credentials of thousands of employees, often by impersonating Okta log-in pages. That figure of 130 organizations is now likely much higher, as a leaked Crowdstrike report seen by TechCrunch claims that the gang is now targeting several tech and video game companies.

bah

[nomadic]

To quote Shakespeare:
He who steals my coinbase account steals trash; 'tis something, nothing;
'Twas mine, 'tis his, and has been slave to thousands;

I dunno

[Powercntrl]

If Shakespeare was alive today, he might've tried to sell NFTs of Yorick's skull. He was rather cosmopolitan for his day.

Re:

[gosso920]

It was the one-armed man! (Okay, actually it was the one-armed bandit at the casino)

imagine an actual financial institution

[OrangeTide]

Imagine if your bank's employees had their personal information stolen? Or you stock broker. Now what, blackmail and extortion? Next step is theft through an unwilling insider who probably will have the experience and power to cover their tracks temporarily. Now imagine instead of a bank where there are firm processes, regulation, and transparent accounting you have a fly-by-night startup with zero of that. Plus an utter lack of accountability in the management chain. OOPS I guess crypto SUCKS. Too bad your

Re:

[Powercntrl]

Imagine if your bank's employees had their personal information stolen? Or you stock broker.

You've described pretty much a normal day for T-Mobile [npr.org].

Re:

[OrangeTide]

As a T-Mobile customer I don't keep a $100K balance in my account. So there are some substantial differences between our examples.

Re:

[Powercntrl]

That distinction can end up making little difference when your wireless carrier has abysmal security, and your financial institution relies on it for 2FA.

Re:

[OrangeTide]

That's kind of the problem I have with modern corporations not being held responsible for their security issues. Sure I understand the Libertarians want to just take their business elsewhere, but the rest of us kind of want anti-social behavior that generally harms society to be discouraged. Not that a legal fiction seems to be held accountable anymore.

Don't think they're being truthful.

[strike6]

So I read their blog post. They say that no customer data was compromised but I find it curious that this morning I got a spam e-mail from a non-coinbase address asking me to go to a fake link because my account had been restricted and was in danger of being suspended. Could be coincidence I guess but I'm not convinced. Why does my corporate BS meter tell me they aren't being truthful about the impact of this breach?

Re:

[elcor]

I think your BS meter is triggered by their attempt at covering up a much bigger issue: their servers have been compromised for years.

Re:

[Tablizer]

ANY investment co. can be hacked. Etrade, for example. It's not a leak that crypto orgs are more subject to. You could go back to paper-based brokers, but their digital files are probably hackable also.

security?

[awwshit]

Does okta provide any actual security or just theater?

Monetary coin insolvency

[stevenfordy]

Accounts compromised by hackers seem to be newly created propaganda. Enterprises are full of artificial news.