Coinbase resets the passwords of over 3,000 customers in response to a bug that logged their real passwords in clear text.
Major crypto platform Coinbase has emailed 3,420 Coinbase customers to disclose an accident with customer registration. Some registration details were apparently stored in clear text on the logs of Coinbase’s internal server, with affected customers now required to change their passwords.
Coinbase announced the news in an official blog post on Aug. 16. According to the announcement, Coinbase has resolved the root cause of the bug and the platform is confident that stored data was not “improperly accessed, misused, or compromised.”
Some users’ credentials were saved when a rare signup error occurred. When users encountered this error, Coinbase would deny their registration but still save their credentials, including username, email address, proposed password and state of residence for United States-based users.
Moreover, the announcement specified that the 3,420 individuals then submitted a new registration application, in which they used the same password. Coinbase was apparently able to determine this because the password hash would match the earlier password hash saved from the failed signup attempt.
Coinbase also reassured users that none of the data recorded in their logging system appears to have been accessed and that they have contacted all of the affected users. Per the announcement, Coinbase uses Amazon Work Station (AWS) for its internal logging, and it shares data with a few log analysis services. These analysis services, as well as AWS, are all audited, and access to the info is said to be tightly restricted.
Coinbase expands its custodial arm
As previously reported by Cointelegraph, Coinbase has expanded its custodial arm, Coinbase Custody, with the recent acquisition of crypto wallet Xapo’s industrial services. This recent acquisition has bumped up Coinbase’s assets under custody to $7 billion. According to the announcement, Coinbase Custody is now the largest crypto custodian by AUC in the world, with 120 clients spanning 14 different countries.
Source: , CoinTelegraph
Articles listed with Cash Tech News as the author are either general information, or may have been imported from another website, to bring our readers a rich media experience that encompasses articles that we find interesting, as well as those curated by others.
The views and opinions expressed here are for informational purposes only, and should not be confused with professional financial advice. These opinions are solely those of the author and do not necessarily reflect the views of CashTechNews.com. Every investment and trade involves risk. You should conduct your own research, and contact your professional financial advisor before making any investment.
Corrections, feedback, and ideas should be submitted through the website contact form.