English
Arabic
Chinese (Simplified)
Indonesian
Russian
Crypto alternate Coinbase has confirmed that it was briefly compromised by the identical attackers that focused Twilio, Cloudflare, DoorDash and greater than 100 different organizations final 12 months.
In a autopsy of the incident printed over the weekend, Coinbase mentioned that the so-called “0ktapus” hackers stole the login credentials of one in every of its staff in an try to remotely achieve entry to the corporate’s techniques.
0ktapus is a hacking group that focused greater than 130 organizations in 2022 as a part of an ongoing effort to steal the credentials of hundreds of staff, typically by impersonating Okta log-in pages. That determine of 130 organizations is now possible a lot larger, as a leaked CrowdStrike report seen by starcrypto claims that the gang is now focusing on a number of tech and online game firms.
Within the case of Coinbase, the 0ktapus hackers first despatched spoofed SMS textual content messages to a number of staff on February 5 advising that they wanted to log in urgently utilizing the hyperlink supplied to obtain an essential message. One worker adopted the phishing hyperlink and entered their credentials. Within the subsequent part, the attacker tried to log into Coinbase’s inside techniques utilizing the stolen credentials however failed as a result of entry was protected with multi-factor authentication.
Some 20 minutes later, the attacker used voice phishing, or “vishing,” to name the worker claiming to be from the Coinbase IT crew, and directed the sufferer to log into their workstation. This allowed the attacker to view worker info, together with names, e-mail addresses and telephone numbers.
“A menace actor was capable of view the dashboard of a small variety of inside Coinbase communication instruments and entry restricted worker contact info,” Coinbase spokesperson Jaclyn Gross sales advised starcrypto. “The menace actor was capable of see, by way of a display screen share, sure views of inside dashboards and accessed restricted worker contact info.”
Nevertheless, Coinbase says its safety crew responded shortly, stopping the menace accessor from accessing buyer knowledge or funds. “Our safety crew was capable of detect uncommon exercise shortly and forestall some other entry to inside techniques or knowledge,” Gross sales added.
Coinbase mentioned no buyer knowledge was accessed, however the firm’s chief info safety officer, Jeff Lunglhofer, mentioned he recommends that customers take into account switching to {hardware} safety keys for stronger account entry, however didn’t say whether or not it makes use of {hardware} keys internally, which can’t be phished.