An anonymous reader quotes a report from The Record: More than 6,000 Coinbase users had funds stolen from their accounts after hackers used a vulnerability in Coinbase’s SMS-based two-factor authentication system to breach accounts. The intrusions took place earlier this year, between March and May, the exchange said in a data breach notification letter it has filed with US state attorney general offices. Coinbase said the attacks could exploit this bug only if they knew the victim’s username and password. “While we are not able to determine conclusively how these third parties gained access to this information, this type of campaign typically involves phishing attacks or other social engineering techniques to trick a victim into unknowingly disclosing login credentials to a bad actor. “We have not found any evidence that these third parties obtained this information from Coinbase itself,” the company said. Coinbase said it would reimburse all users who lost funds in these intrusions.
Read more of this story at Slashdot.