Coinbase says some workers’ info stolen by hackers

Crypto exchange Coinbase has confirmed that it was briefly compromised by the same attackers that targeted Twilio, Cloudflare, DoorDash and more than 100 other organizations last year.

In a post-mortem of the incident published over the weekend, Coinbase said that the so-called “0ktapus” hackers stole the login credentials of one of its employees in an attempt to remotely gain access to the company’s systems.

0ktapus is a hacking group that targeted more than 130 organizations in 2022 as part of an ongoing effort to steal the credentials of thousands of employees, often by impersonating Okta log-in pages. That figure of 130 organizations is now likely much higher, as a leaked CrowdStrike report seen by TechCrunch claims that the gang is now targeting several tech and video game companies.

In the case of Coinbase, the 0ktapus hackers first sent spoofed SMS text messages to several employees on February 5 advising that they needed to log in urgently using the link provided to receive an important message. One employee followed the phishing link and entered their credentials. In the next phase, the attacker tried to log into Coinbase’s internal systems using the stolen credentials but failed because access was protected with multi-factor authentication.

Some 20 minutes later, the attacker used voice phishing, or “vishing,” to call the employee claiming to be from the Coinbase IT team, and directed the victim to log into their workstation. This allowed the attacker to view employee information, including names, email addresses and phone numbers.

“A threat actor was able to view the dashboard of a small number of internal Coinbase communication tools and access limited employee contact information,” Coinbase spokesperson Jaclyn Sales told TechCrunch. “The threat actor was able to see, through a screen share, certain views of internal dashboards and accessed limited employee contact information.”

However, Coinbase says its security team responded quickly, preventing the threat actor from accessing customer data or funds. “Our security team was able to detect unusual activity quickly and prevent any other access to internal systems or data,” Sales added.

Coinbase said no customer data was accessed, but the company’s chief information security officer, Jeff Lunglhofer, said he recommends that customers consider switching to hardware security keys for stronger account access. He didn’t say whether Coinbase uses hardware keys, which cannot be phished, internally.