A bug could have lost the users of Coinbase a lot of money, confesses the exchange itself in its latest blog post.
Coinbase Holds Its Hands Up
The Friday “post mortem” revealed that an error on Coinbase sign-up page saved customers’ information on Coinbase internal web server logs – in a clear text. So a password writing which, say, looks like “123456” was appearing like “123456” to the staff at the San Francisco-based cryptocurrency firm. Ideally, it could have been hashed into non-readable text.
The bug, Coinbase admitted, affected 3,420 customers in total. Excerpts from their statement:
Under [a very specific] and rare error condition, the registration form on our signup page wouldn’t load correctly, which meant that any attempt to create a new Coinbase account under those conditions would fail. Unfortunately, it also meant that the individual’s name, email address, and proposed password (and state of residence, if in the US) would be sent to our internal logs.
The exchange said users who resubmitted the form had their password and other details hashed securely. Unfortunately, the 3,420 customers, as mentioned above, accidentally logged their private data onto Coinbase servers.
Coinbase Has Discovered A Password Bug: One of the largest exchanges in the crypto space, Coinbase, has discovered a bug that may affect around 3420 users. According to a blog post by Coinbase, the sign-up page ended storing registration details… https://t.co/eim1PUn0CF pic.twitter.com/sdBZbQRuCI
— Nacho Sanzu © 🇪🇸 (@morodog) August 18, 2019
No Damage Reported
Coinbase behaved like a good Samaritan and fixed the issue on top priority. The firm asserted that they traced the entire line of storage to confirm that it was not holding any of customers’ personal information.