What You Need to Know about the Coinbase Data Breach
- Published: Jun 25, 2024
- Last Updated: Jul 09, 2024
Coinbase is a popular cryptocurrency exchange platform and one of the largest such companies in the United States. Founded in 2012, Coinbase is reportedly the second-largest cryptocurrency exchange in the world, behind Binance. The company prides itself as a secure online platform for transferring, buying, selling, and storing cryptocurrency.
In 2021, over 6,000 customers had funds stolen from their Coinbase accounts in a breach of the company's SMS-based two-factor authentication system. Hackers exploited a limitation in the cryptocurrency company's SMS Account Recovery process, allowing them to get SMS 2FA tokens and gain access to customers' accounts.
Coinbase claimed they were unable to determine conclusively how hackers gained access to users' login credentials but said such attacks typically involve phishing and other social engineering techniques to trick victims into disclosing their access credentials. Leaked information in the 2021 breach includes names, phone numbers, home addresses, transaction histories, IP addresses for account activity, dates of birth, account holdings, and balances. Coinbase informed customers that the third party who accessed this information could have changed phone numbers, email addresses, or other information associated with their accounts.
Once Coinbase learnt of the breach, they updated their SMS Account recovery protocols to prevent further bypassing of the authentication process. The company promised to deposit funds into the accounts of affected customers equal to the value of the currency improperly removed from their accounts at the time of the breach. Furthermore, Coinbase provided free credit monitoring and set up a dedicated phone support line for the affected users.
When Was the Coinbase Data Breach?
Coinbase states that account breaches took place between March 2021 and May 2021 via a massive email phishing campaign.
How to Check If Your Data Was Breached
Coinbase sent out notification letters to all of its customers affected by the 2021 data breach. If you did not receive a notification from the company, you are unlikely to have been impacted by the leak.
What to Do If Your Data Was Breached
Coinbase customers who use SMS 2FA authentication were advised to use a stronger method to secure their accounts. Some of the Coinbase-recommended options include using a time-based one-time password (TOTP) or hardware security key to secure accounts.
Coinbase also encouraged customers to change the passwords to their Coinbase accounts to stronger and unique passwords that are not used on other online sites. Since third parties required access to victims' personal email accounts, customers were also advised to change the passwords for their email accounts and other online accounts where similar passwords were used.
Are There Any Lawsuits Because of the Data Breach?
Although Coinbase has faced several lawsuits for various matters, the company was not sued for the 2021 data breach.
Can My Coinbase Information Be Used for Identity Theft?
Yes, since personally identifiable information was leaked in the 2021 Coinbase data breach, your Coinbase information can be used for identity theft.
What Can You Do to Protect Yourself Online?
If your data was compromised in the Coinbase data breach, or you want to protect yourself from potential data breaches, follow these recommendations:
- Change your passwords regularly, especially after a data breach. Consider using strong and unique passwords that are at least 8 characters long and contain a mixture of symbols, letters, and numbers.
- Use multi-factor authentication. Using multi-factor authentication adds additional layers of security to your account.
- Check for updates from the company. Typically, if your data was involved in a major data leak, the company will post disclosures about affected persons or customers and updates about mitigating the risks of the data breach.
- Watch your accounts and check your credit reports. You should be vigilant about suspicious activities that may appear on your bank account and other financial accounts after a data breach. Check your credit card statements and beware of suspicious transactions.
- Freeze your credit. You can freeze your credit for free to prevent access to all of your personal data. That way, if identity thieves gain access to your personal information, they will not be able to open new accounts under your name.
- Do not reuse similar usernames and passwords on multiple online accounts.
- Do not open or click attachments in emails.
- Update the antivirus on your computer to avoid hacking, ransomware, and malware.
- Do not provide personally identifiable information to any requester online or over the phone unless you contacted them first.