Coinbase says some employees’ info stolen by hackers

Crypto exchange Coinbase has confirmed that it was briefly compromised by the same attackers that targeted Twilio, Cloudflare, DoorDash and more than 100 other organizations last year.

In a post-mortem of the incident published over the weekend, Coinbase said that the so-called “0ktapus” hackers stole the login credentials of one of its employees in an attempt to remotely gain access to the company’s systems.

0ktapus is a hacking group that targeted more than 130 organizations in 2022 as part of an ongoing effort to steal the credentials of hundreds of employees, often by impersonating Okta log-in pages. That figure of 130 organizations is now likely much higher, as a leaked CrowdStrike report seen by TechCrunch claims that the gang is now targeting several tech and video game companies.

In the case of Coinbase, the 0ktapus hackers first sent spoofed SMS text messages to several employees on February 5 advising that they needed to log in urgently using the link provided to receive an important message. One employee followed the phishing link and entered their credentials. In the next phase, the attacker tried to log into Coinbase’s internal systems using the stolen credentials but failed because access was protected with multi-factor authentication.

Some 20 minutes later, the attacker used voice phishing, or “vishing,” to call the employee claiming to be from the Coinbase IT team, and directed the victim to log into their workstation. This allowed the attacker to view employee information, including names, email addresses and phone numbers.

“A threat actor was able to view the dashboard of a small number of internal Coinbase communication tools and access limited employee contact information,” Coinbase spokesperson Jaclyn Sales told TechCrunch. “The threat actor was able to see, through a screen share, certain views of internal dashboards and accessed limited employee contact information.”

However, Coinbase says its security team responded quickly, preventing the threat actor from accessing customer data or funds. “Our security team was able to detect unusual activity quickly and prevent any other access to internal systems or data,” Sales added.

Coinbase said no customer data was accessed, but the company’s chief information security officer, Jeff Lunglhofer, said he recommends that users consider switching to hardware security keys, which cannot be phished, for stronger account access. He did not say whether the company uses hardware keys internally.
