Coinbase discloses bug that exposed the signup information of over 3,400 customers

Exchanges • August 16, 2019, 4:33PM EDT
The Block

Coinbase, the San Francisco-based cryptocurrency exchange, has disclosed a vulnerability that impacted 3,420 of its customers. The bug resulted in the registration details of said customers being stored in plain text on the firm's internal web server logs.

THE SCOOP

Keep up with the latest news, trends, charts and views on crypto and DeFi with a new biweekly newsletter from The Block's Frank Chaparro

By signing-up you agree to our Terms of Service and Privacy Policy
By signing-up you agree to our Terms of Service and Privacy Policy

According to Coinbase, while the firm is confident it has fixed the cause of the bug and that the logged information has not been compromised, it has emailed its customers, requiring them to change their passwords.

In its post mortem post, Coinbase explains that "under a very specific and rare error condition, the registration form on our signup page wouldn’t load correctly, which meant that any attempt to create a new Coinbase account under those conditions would fail." However, Coinbase added, that the account creation failure also "meant that the individual’s name, email address, and proposed password (and state of residence, if in the US) would be sent to our internal logs." 

About Author

Steven Zheng is a researcher for The Block. He joined The Block in August 2018. Steven graduated from St. John’s University with a degree in economics. Previously, he covered blockchain and crypto at Radicle, a startup analytics firm. He also had brief stints at Cheddar, a media startup, and Bowery Capital, a venture capital firm. He owns bitcoin. Follow Steven on Twitter at: @Dogetoshi

More by Steven Zheng