3,420 Coinbase Customers Affected by Password Glitch
By Luke Flowers – Cryptocurrency Enthusiast
Coinbase revealed that a small portion of its customers’ passwords were stored in plain text on an internal server log after disclosing a vulnerability. However, the exchange did say the information was not accessed inappropriately by outside sources meaning no user who looked to buy Bitcoin during the period lost any funds.
Coinbase posted on their blog that a “password storage issue,” which had affected less than 3,500 customers, briefly led to personal information like passwords to be stored in clear readable text on internal logging systems. Though they confirmed this information was not accessed by outside sources, any affected that may have chosen to buy and sell Bitcoin through the platform, could have been at risk from the potential hack or inside staff.
The post reads:
“Under a very specific and rare error condition, the registration form on our signup page wouldn’t load correctly, which meant that any attempt to create a new Coinbase account under those conditions would fail” This led to the individuals name, email and password being recorded on internal logs.
In over 3,420 instances, potential customers would apply the same password when signing up for the second time, which would have worked but it would have resulted in having a password that matches the hashed version on the company’s logs. A location that’s not as secure if a malicious entity tried to brute force their way in. Coinbase had notified its customers by Friday to prevent any user potentially buying crypto just to loss it.
Though this could have compromised user’s password information, Coinbase ensure greater security with its mandatory 2FA. Any attempt to log into the user account would have triggered the 2FA and blocked the attempt.
This error happened because Coinbase is using the React.js server-side rendering on the signup page. What happens is that whenever a user visits a page to sign up for their account, React displays the form that is required to be filled.
You can buy and sell Bitcoin UK through our innovative platform so make sure you check it out!
Dear valued BC Bitcoin UK Clients,
I hope this email finds you well. We are reaching out to inform you of some significant changes to our services that directly impact our operations within the United Kingdom. Regrettably, due to the recent regulatory developments introduced by the Financial Conduct Authority (FCA) and the implementation of the new Financial Promotions Regime, BC Bitcoin is no longer able to offer our services to clients based in the UK. This very difficult decision is in compliance with the regulatory framework and ensures that we uphold the highest standards of transparency and legality. You can view the FCA publication here: https://www.fca.org.uk/publication/finalised-guidance/fg23-3.pdf As a result, we would like to inform you of the following changes and provide guidance on how to manage your assets with BC Bitcoin:
1. **Service Termination for UK Clients:**
BC Bitcoin will no longer be able to accept new purchase orders from clients residing in the United Kingdom.2. **Continued Operation Outside the UK:**
Despite the changes within the UK, BC Bitcoin will continue to operate outside of the UK as normal. Our services will remain unaffected for clients in other regions.3. **Withdrawal of Assets:**
For our UK clients holding assets with BC Bitcoin, we want to assure you that your assets are secure. You have the option to safely withdraw your assets or exchange them to GBP or EUR and subsequently withdraw. We have streamlined the withdrawal process to ensure convenience for our clients.4. **Conversion of Assets:**
To convert your Holdings to fiat please log in to your BC Bitcoin account and submit a sell order for the amount of coin you hold with us. During the process you will shown how much you will receive and asked the bank details you wish to receive payment to. In addition, you can request the conversion by emailing info@bcbitcoin.com from your registered email address. If you encounter any issues or require assistance, our customer support team is ready to help you throughout the process.5. **Withdrawal Procedure:**
To initiate a withdrawal, please email your request to info@bcbitcoin.com from your registered email address. You may be asked some security questions to verify your identity. If you encounter any issues or require assistance, our customer support team is ready to help you throughout the process. These changes are effective immediately, and we appreciate your understanding and cooperation during this transitional period. We understand that this may be an inconvenience for our UK clients, and we sincerely apologise for any disruption this may cause. Thank you for being a valued part of the BC Bitcoin community. We are committed to providing you with a seamless experience as we navigate through these regulatory changes. If you have any questions or concerns, please do not hesitate to reach out to our customer support team at info@bcbitcoin.com Kind Regards