3,420 Coinbase Customers Affected by Password Glitch
By Luke Flowers – Cryptocurrency Enthusiast
Coinbase revealed that a small portion of its customers’ passwords were stored in plain text on an internal server log after disclosing a vulnerability. However, the exchange did say the information was not accessed inappropriately by outside sources meaning no user who looked to buy Bitcoin during the period lost any funds.
Coinbase posted on their blog that a “password storage issue,” which had affected less than 3,500 customers, briefly led to personal information like passwords to be stored in clear readable text on internal logging systems. Though they confirmed this information was not accessed by outside sources, any affected that may have chosen to buy and sell Bitcoin through the platform, could have been at risk from the potential hack or inside staff.
The post reads:
“Under a very specific and rare error condition, the registration form on our signup page wouldn’t load correctly, which meant that any attempt to create a new Coinbase account under those conditions would fail” This led to the individuals name, email and password being recorded on internal logs.
In over 3,420 instances, potential customers would apply the same password when signing up for the second time, which would have worked but it would have resulted in having a password that matches the hashed version on the company’s logs. A location that’s not as secure if a malicious entity tried to brute force their way in. Coinbase had notified its customers by Friday to prevent any user potentially buying crypto just to loss it.
Though this could have compromised user’s password information, Coinbase ensure greater security with its mandatory 2FA. Any attempt to log into the user account would have triggered the 2FA and blocked the attempt.
This error happened because Coinbase is using the React.js server-side rendering on the signup page. What happens is that whenever a user visits a page to sign up for their account, React displays the form that is required to be filled.
You can buy and sell Bitcoin UK through our innovative platform so make sure you check it out!