Coinbase, the largest US-based exchange, has just revealed a notice that close to 69,461 people had their data released and have been used by extortionists.
The report, which came directly from the office of Maine’s Attorney General, shows the gravity of the situation.
Even though login credentials and two-factor authentication keys were not breached, the criminals do have a significant amount of personal data, such as the following:
- Transaction history, snapshots, and other account data.
- Government identification, such as a passport, Driver’s license, etc.
- Masked bank account details
- Partial social security number
- Emails
- Phone numbers
- Address
In an all-new SEC filing, Coinbase said the perpetrators used an overseas contract black hat group to breach the data.
The report said the data was used to hold ransom for around $20 million. However, Coinbase refused to pay the ransom.
The company representative said, “Instead of funding criminal activity, we have investigated the incident, reinforced our controls, and will reimburse customers impacted by this incident.” The online landscape has already been riddled with rumors about what happened next.
Spoke Reddit users came forward with a claim suggesting that the users have reported receiving unsolicited password reset messages.
While most people ignored the message, some did accept it, leading to a data breach.
As of now, the monetary damages of the breach is unclear as there are no reports to substantiate the whole thing.
