Published on August 17th, 2019
Coinbase password bug hits 3,420 users
Crypto exchange behemoth Coinbase discovered a bug in its signup page that led to registration details being stored in clear text in internal web server logs, they announced in a blog post on Friday.
"Under a very specific and rare error condition," their registration signup page wouldn't load properly. A customer would enter their details but the page would crash, sending the "individual's name, email address, and proposed password (and state of residence, if in the US)" to its internal logs.
If the user refreshed the page and signed up again using the same password, this time successfully, the password's hash would match the one previously logged.
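The matching step described above, sketched as an added example (not Coinbase's code or part of the original article): plaintext signup attempts recovered from logs are checked against the stored hashes of accounts that were later created, and a match marks the account for a forced password change. PBKDF2-SHA256, the record layout and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 100_000  # assumed work factor for this sketch


def hash_password(password: str, salt: bytes) -> bytes:
    """Stand-in for the account store's password hash (assumed PBKDF2-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def accounts_needing_reset(logged_attempts, accounts):
    """Return emails whose current password equals one captured in the logs.

    logged_attempts: iterable of (email, proposed_password) recovered from logs.
    accounts: dict of email -> (salt, stored_hash) from the credential store.
    """
    affected = set()
    for email, proposed in logged_attempts:
        key = email.strip().lower()
        record = accounts.get(key)
        if record is None:
            continue  # signup never completed, so no live credential matches
        salt, stored = record
        # Constant-time comparison, as for any credential check.
        if hmac.compare_digest(hash_password(proposed, salt), stored):
            affected.add(key)
    return sorted(affected)


def _account(password: str):
    salt = os.urandom(16)
    return salt, hash_password(password, salt)


# Constructed sample data (not real log content).
SAMPLE_ACCOUNTS = {
    "alice@example.com": _account("correct horse battery"),  # reused logged password
    "bob@example.com": _account("a-different-one"),  # picked a new one on retry
}
SAMPLE_LOGGED = [
    ("alice@example.com", "correct horse battery"),
    ("Bob@example.com", "first-attempt-pw"),
    ("carol@example.com", "never-finished"),  # no account was ever created
]

if __name__ == "__main__":
    print(accounts_needing_reset(SAMPLE_LOGGED, SAMPLE_ACCOUNTS))
```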
Luckily, the glitch only harmed a tiny fraction of their user base. Coinbase has over 30 million users according to its website. Still, for those unlucky few, Coinbase has the following message:
"While we are confident that we've fixed the root cause and that the logged information was not improperly accessed, misused, or compromised, we are requiring those customers to change their passwords as a best-practice precaution."
Though the hack was discovered internally, Coinbase has an active bug bounty program on HackerOne, which has so far paid over $250,000 to white-hatters.
Generally, though, Coinbase's cybersecurity has been squeaky clean. It's currently the only major exchange yet to suffer a breach. Recently, a hacker stole $40 million from Binance, and another stole $450 million from Mt. Gox.
As we wrote back in May, Coinbase is so secure it can't even hack itself. CEO Brian Armstrong told Wall Street Journal reporter Paul Vigna that it hires spies to test its cybersecurity systems. The spies get a job at Coinbase and try to hack into their systems. "They might breach one or two" layers of security, Armstrong said, but no more.