Extortionists bribed Coinbase employees to give them customer data

Coinbase has been betrayed from within. The cryptocurrency exchange said that cyber criminals bribed some of its support agents to share personal information about Coinbase customers. Attackers acquired data such as names, addresses, emails, phone numbers, images of government IDs, masked bank account numbers and masked sections of social security numbers. The perpetrators tricked some Coinbase users into sending them money and also demanded $20 million from the company to not publicly disclose the ill-gotten information.

Coinbase has not paid the ransom and is cooperating with law enforcement to press charges. In the blog post, the company said it would offer a $20 million reward for information that could lead to arresting and convicting the remaining attackers. It also said that users' login credentials, two-factor authentication codes and private keys are still secure. It will reimburse customers who sent funds to the extortionists and will place additional safeguards on vulnerable accounts. According to an SEC filing, the incident is projected to cost Coinbase $180 million to $400 million.

This article originally appeared on Engadget at https://www.engadget.com/cybersecurity/extortionists-bribed-coinbase-employees-to-give-them-customer-data-174713732.html?src=rss https://www.engadget.com/cybersecurity/extortionists-bribed-coinbase-employees-to-give-them-customer-data-174713732.html?src=rss