Coinbase, the U.S.-based cryptocurrency exchange, has announced that 3,420 users were affected by a signup bug. The bug caused users' registration details to be stored in plain text in Coinbase's internal web server logs.
The registration information includes the username, e-mail address, name, password and so on. Coinbase says that the root cause of the bug has now been fixed and that the information stored in the web server logs was not accessed by or exposed to any other party.
Coinbase e-mailed all the affected users and advised them to change their passwords immediately.
What Happens Here?
Coinbase explained that under a very rare condition the signup page wouldn't load correctly. Any attempt to create a new account under that condition would fail. It also resulted in all the submitted information, including the password, being stored in plain text in internal web server logs.
If the user reloaded the page and submitted the form again, the password was stored securely in hashed form. However, in 3,420 cases the password was not hashed and was stored in plain text.
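As an added illustration (not Coinbase's code and not part of the original article), one defence against the failure described above is to scrub password fields from every record before a log handler writes it. The field names, log line formats and the `signup-demo` logger are assumptions constructed for this example.

```python
import io
import logging
import re

# Assumed secret-bearing field names; extend for your own signup form.
_KEYS = r"(?:password|passwd|pwd)"
# Form-encoded / query-string pairs, e.g. user[password]=... or user%5Bpassword%5D=...
_FORM = re.compile(r"(?i)(\b[\w\[%]*" + _KEYS + r"[\w\]%]*=)[^&\s]+")
# JSON string members, e.g. "password": "..."
_JSON = re.compile(r'(?i)("[\w\[\]]*' + _KEYS + r'[\w\[\]]*"\s*:\s*)"(?:[^"\\]|\\.)*"')


def scrub(text: str) -> str:
    """Replace the value of any password-like field with a fixed marker."""
    text = _FORM.sub(r"\1[REDACTED]", text)
    return _JSON.sub(r'\1"[REDACTED]"', text)


class RedactSecrets(logging.Filter):
    """Scrub the fully formatted message before a handler writes it."""

    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = scrub(record.getMessage())
        record.args = ()  # message is already formatted
        return True


def demo() -> str:
    """Log two constructed failed-signup requests; return what reached the sink."""
    sink = io.StringIO()
    handler = logging.StreamHandler(sink)
    handler.addFilter(RedactSecrets())  # on the handler, so every logger using it is covered
    log = logging.getLogger("signup-demo")
    log.handlers[:] = [handler]
    log.propagate = False
    log.setLevel(logging.INFO)
    # Constructed sample data, not real log lines from the incident.
    log.error("POST /signup 500 body=%s",
              "user%5Bemail%5D=a%40example.com&user%5Bpassword%5D=hunter2&name=Al")
    log.error('signup failed params={"email": "a@example.com", "password": "p\\"w 1"}')
    return sink.getvalue()


if __name__ == "__main__":
    print(demo())
```

The filter sits on the handler rather than on one logger, so an error path that logs the raw request through a different logger is still covered as long as it writes through that handler.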
Coinbase Responds
Coinbase says that after the bug was identified, it was fixed by its professionals. Coinbase tracked all the places where these logs are stored. Coinbase further explains:
“A thorough review of access to these logging systems did not reveal any unauthorized access to this data. Additionally, we triggered a password reset for impacted customers.”
Along with this, device verification e-mails and 2FA mechanisms have both been triggered to block any unauthorised login attempt.