A vulnerability in the SMS multi-factor authentication mechanism of Coinbase was used by hackers to steal funds from 6000 users, BleepingComputer reported.
The breach of Coinbase customers’ accounts happened between March and May 20, 2021, in a hacking campaign that combined phishing scams and a vulnerability exploit on the company’s security measures.
“In this incident, for customers who use SMS texts for two-factor authentication, the third party took advantage of a flaw in Coinbase’s SMS Account Recovery process in order to receive an SMS two-factor authentication token and gain access to your account,” Coinbase told customers in electronic notifications.
Beyond stealing funds, the hackers also exposed customers’ personal information, “including their full name, email address, home address, date of birth, IP addresses for account activity, transaction history, account holdings, and balances,” per the report.
Dimitris is an Information Technology and Cybersecurity professional with more than 20 years of experience in designing, building and maintaining efficient and secure IT infrastructures.
Among others, he is a certified: CISSP, CISA, CISM, ITIL, COBIT and PRINCE2, but his wide set of knowledge and technical management capabilities go beyond these certifications. He likes acquiring new skills on penetration testing, cloud technologies, virtualization, network security, IoT and many more.