Coinbase says some employees’ information stolen by hackers
Reading Time: 2 minutesCrypto exchange Coinbase has confirmed that it was briefly compromised by the same attackers that targeted Twilio, Cloudflare, DoorDash, and more than a hundred other organizations last year.
In a post-mortem of the incident published over the weekend, Coinbase said that the so-called ‘0ktapus’ hackers stole the login credentials of one of its employees in an attempt to remotely gain access to the company’s systems.
In the case of Coinbase, the 0ktapus hackers first sent spoofed SMS text messages to several employees on February 5 advising that they needed to log in urgently using the link provided to receive an important message. One employee followed the phishing link and entered their credentials. In the next phase, the attacker tried to log into Coinbase’s internal systems using the stolen credentials but failed because access was protected with multi-factor authentication.
Some 20 minutes later, the attacker used voice phishing, or ‘vishing,’ to call the employee claiming to be from the Coinbase IT team, and directed the victim to log into their workstation. This allowed the attacker to view employee information, including names, email addresses and phone numbers.
However, Coinbase says its security team responded quickly, preventing the threat accessor from accessing customer data or funds. ‘Our security team was able to detect unusual activity quickly and prevent any other access to internal systems or data,’ Sales added.
Coinbase said no customer data was accessed, but the company’s chief information security officer Jeff Lunglhofer said he recommends that users consider switching to hardware security keys for stronger account access, but did not say whether it uses hardware keys internally, which cannot be phished.
Reference: https://techcrunch.com/2023/02/21/0ktapus-coinbase-stolen-employees-information/
Ref: techcrunch
MediaDownloader.net -> Free Online Video Downloader, Download Any Video From YouTube, VK, Vimeo, Twitter, Twitch, Tumblr, Tiktok, Telegram, TED, Streamable, Soundcloud, Snapchat, Share, Rumble, Reddit, PuhuTV, Pinterest, Periscope, Ok.ru, MxTakatak, Mixcloud, Mashable, LinkedIn, Likee, Kwai, Izlesene, Instagram, Imgur, IMDB, Ifunny, Gaana, Flickr, Febspot, Facebook, ESPN, Douyin, Dailymotion, Buzzfeed, BluTV, Blogger, Bitchute, Bilibili, Bandcamp, Akıllı, 9GAG