Bitcoin wallet service Coinbase faces phishing attacks after data leak

(Ars Technica) - Bitcoin wallet service Coinbase has publicly, and presumably accidentally, exposed information about its users’ names, e-mail addresses, and details of their transactions on the Coinbase website. The exposed e-mail addresses have become the target of phishing attacks.

Coinbase, a Y Combinator-backed startup, is a popular service for holding users’ bitcoins. At the time of this writing, the leaked information was still showing up in Google searches of the Coinbase site.

The URLs of the pages label them “checkouts,” and they appear to be transaction receipts. One was a 0.05 BTC ($6.85) transaction labeled as a donation. Another was a $980 transaction for “8 managed VPS hosts” from a company called cachedd. A third was a 229.99 BTC ($31,508) transaction for “AVALANCHE SPA POWDER.”

In a Thursday blog post, Coinbase warned users to “beware of a phishing attack.” Someone has been sending e-mails to Coinbase users claiming that they need to log in to confirm recent transactions but directing them to a website not controlled by Coinbase. Late Friday morning, the leaked information was still publicly available on the Coinbase website.

There’s no evidence of a security problem with the Coinbase site. Provided users don’t fall for the phishing scheme, their funds should be safe. But publicly exposing users’ contact information and transaction details is a pretty big screwup.

We’ve emailed Coinbase seeking comment and will update if they respond.
