Technology
Mobile
Internet & Software
Events
More
Bitcoin News Internet & Software

Coinbase security vulnerability caused huge leak in user information

At the end of February Shubham Shah notified in a blog post  that a bug could cause huge harm to Coinbase worlds most popular Bitcoin exchange platform and it seems like hackers have exploited this security vulnerability Shubham has warned Coinbase about 4 months ago as hundreds of users are reporting on Reddit  that they are receiving phishing emails from Coinbase asking them to make transactions to other users.

The exploit works as following: Making use of the request money feature, hundreds of thousands of emails can be checked and since there is no limit to the amount of requests you can send, hackers have used thousands of emails and see which ones are from people with a registered Coinbase account, these can then be targeted with phishing attempt.

“Before you get the impression that this isn’t a security flaw in itself, please let me explain.

Phishers can use this flaw for serious harm. I believe it is a security issue on Coinbase, which will merely assist mass, targeted phishing.”

Shubham has used the exploit it self, allowing him to extract 400 email addresses with the appropriate owners first and second name. After contacting Coinbase, they said the following:

We are not considering account existence bugs to be high enough severity for our scope



Source : Cryptocoinnews

If you enjoyed this post, please consider leaving a comment and share your opinion, subscribing to our RSS feed or Subscribe to our Weekly newsletter to receive a weekly email with this week's most important news updates, delivered right to your Mail Box.

nielsbosch

About the author nielsbosch

Hello, my name is Niels Bosch and i am the founder of AmongTech. Currently living in the South of Spain. My main interests are web development, playing video games once in a while, Apple, Marketing and SEO. I am currently studying Business administration, Ne Read More

Tags:

  • Melissa Jordan

    This is disturbing and the response from Coinbase irresponsible. I actually applied for a remote customer service position with them and made it to the final call. I was cut, but trust me – I would not have typed in such a moronic reply. Coinbase is a great company, but the attention spent to attracting their top talent at the expense of the nuts and bolts portion of the operation is a flaw and this is the reason. Thank you for bringing this to the communities attention.

    • http://www.amongtech.com/ Niels Bosch

      Completely agree on the fact that the response from Coinbase is BS. Thanks for the kind comment :-)