Lessons to learn from Coinbase phishing attacks
Coinbase, is a platform used for buying, selling, and storing cryptocurrency. The company had announced that a threat actor stole cryptocurrency from 6,000 customers after using a vulnerability to bypass the company's SMS multi-factor authentication security feature. Coinbase is the world's second-largest cryptocurrency exchange, with approximately 68 million users from over 100 countries. It explains that between March and May 20th, 2021, a threat actor conducted a hacking campaign to breach Coinbase customer accounts and steal cryptocurrency.
Coinbase says the attackers needed to know the customer's email address, password, and phone number associated with their Coinbase account and have access to the victim's email account. While it is unknown how the threat actors gained access to this information, Coinbase believes it was through phishing campaigns targeting Coinbase customers to steal account credentials, which have become common. Additionally, banking trojans traditionally used to steal online bank accounts are also known to steal Coinbase accounts.
Third parties first gained access to the email address, password, and phone number of the affected Coinbase customer in order to access to enter their accounts. The company said it wasn't sure how third parties got this access, and that it could have happened either through a phishing attack or another social-engineering technique. Coinbase says that it updated its SMS Account Recovery protocols as soon as it became aware of the problem.
The company is encouraging customers to secure their accounts with a TOTP (time-based one-time password) or a hardware security key. And, of course, recommends changing your current password.
· Be on guard for phishing attacks and use a way to automatically block a phishing attempt.
· People should consider alternatives to SMS authentication and instead use time-based one-time password, such as Google Authenticator.
· Users should also consider updating their current password on their Coinbase account.
· Coinbase threat actors may have been able to view critical personal information, including home addresses, date of birth and IP addresses. To help customers stay ahead of risks that emerge in the aftermath of data breaches, suggested to use advanced phishing & ID monitoring protection to guard against online scams and fraud.
MediaTek announces Dimensity 9000+ enhancement for flagship smartphone performance
MediaTek has announced the Dimensity 9000+, an enhancement to the company’s top-of-t...
Siemens accelerates digital transformation with launch of Siemens Xcelerator
Siemens AG has launched an open digital business platform, Siemens Xcelerator, to accelera...
Intel hosts the Safety Pioneers Conference to boost road safety in India
Intel reinforces its goal to use technology to enhance road safety in India. At the Safety...
Prama Excellence Meet conducted in Mumbai to showcase its surveillance products
Prama India has organized its third part of ‘PRAMA EXCELLENCE MEET’ event in M...
PRAMA hosts its EXCELLENCE MEET in New Delhi
Prama India has organized its Pan India Roadshows with its second event recently at New De...