Coinbase fixes 2FA log error making people think they were hacked

As BleepingComputer first reported earlier this month, Coinbase had mistakenly labeled failed login attempts with incorrect passwords as two-factor authentication failues in the Account Activity logs. These mislabeled entries could have also been used in social engineering attacks to convince users their account credentials were compromised, potentially allowing threat actors to gain sensitive information. Numerous Coinbase users contacted BleepingComputer with concerns that Coinbase had been breached as their passwords were unique to the site, there was no sign of malware, and no other accounts were affected. Threat actors commonly target Coinbase customers in social engineering attacks to gain access to their accounts and drain the stored cryptocurrency. However, Coinbase confirmed to BleepingComputer that its logging system was incorrectly attributing login attempts with incorrect passwords as "2FA failures," even though the attackers had not successfully reached the 2FA stage. Coinbase has now pushed an update to fix this incorrect labeling so that "Password attempt failed" logs are shown in Account Activity instead. Coinbase has said in the past that they will never call customers or send text messages requesting they change passwords or reset two-factor authentication and that customers should treat all such messages as scams. However, ongoing campaigns use automated SMS phishing (smishing) attacks and voice calls to impersonate Coinbase and attempt to steal 2FA tokens or credentials, so all users should be wary. Coinbase has fixed a confusing bug in its account activity logs that caused users to think their credentials were compromised. When a threat actor attempted to access someone's account and used the wrong password, error messages stating "second_factor_failure" or "2-step verification failed" would be shown instead. Bugs like this are essential to fix as they cause unnecessary panic, with users telling BleepingComputer that they had reset all of their passwords and spent hours trying to determine if their devices were compromsed due to this bug. BleepingComputer was told that threat actors used these mislabeled error messages as part of such attacks but could not independently verify if that was true. Lawrence Abrams Lawrence Abrams is the owner and Editor in Chief of BleepingComputer.com. Lawrence's area of expertise includes Windows, malware removal, and computer forensics.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Sun, 27 Apr 2025 18:25:09 +0000

Cyber News related to Coinbase fixes 2FA log error making people think they were hacked

Coinbase to fix 2FA account activity entry freaking out users - Unfortunately, BleepingComputer was told that threat actors use these erroneous error messages as part of social engineering attacks that attempt to breach Coinbase accounts by making targets think their credentials are compromised. Coinbase is ...
1 month ago Bleepingcomputer.com

Coinbase fixes 2FA log error making people think they were hacked - As BleepingComputer first reported earlier this month, Coinbase had mistakenly labeled failed login attempts with incorrect passwords as two-factor authentication failues in the Account Activity logs. These mislabeled entries could have also been ...
1 month ago Bleepingcomputer.com

Speaking Freely: Alison Macrina - In the US, I think about power that comes from, not just the government, but also rich individuals and how they use their money to influence things like free speech, as well as corporations. I think the best way that we can use our speech is using it ...
1 year ago Eff.org

Coinbase phishing email tricks users with fake wallet migration - A large-scale Coinbase phishing attack poses as a mandatory wallet migration, tricking recipients into setting up a new wallet with a pre-generated recovery phrase controlled by attackers. Instead, the phishing email includes a recovery phrase, which ...
2 months ago Bleepingcomputer.com

Coinbase data breach exposes customer info and government IDs - While the threat actors managed to steal a combination of personally identifiable information of up to 1% of Coinbase's customer base (around 1 million individuals), they couldn't steal customers' private keys or passwords, and couldn't ...
2 weeks ago Bleepingcomputer.com

MFA vs 2FA: Which Is Best for Your Business? - If a user falls for a phishing scam and their credentials are compromised, multi-factor authentication or two-factor authentication provide an additional safeguard against a breach. MFA uses authentication factors such as a pin, an SMS code, an ...
1 year ago Techrepublic.com

Thousands of Young People Told Us Why the Kids Online Safety Act Will Be Harmful to Minors - How young people feel about the Kids Online Safety Act matters. These comments show that thoughtful young people are deeply concerned about the proposed law's fallout, and that many who would be affected think it will harm them, not help them. In ...
1 year ago Eff.org

Coinbase Hacked - Massive Data Breach Costs Them $400 Million - Coinbase emphasized that the breach did not impact the security of customer funds, as the involved contractors and employees lacked access to financial systems. The breach, orchestrated by an unknown threat actor, involved the unauthorized access of ...
2 weeks ago Cybersecuritynews.com

Coinbase offers $20 million bounty after extortion attempt with stolen data | The Record from Recorded Future News - The industry giant said in a regulatory filing with the Securities and Exchange Commission (SEC) that an “unknown threat actor” emailed a demand on May 11 for $20 million, threatening to publish stolen data about Coinbase customers and other ...
2 weeks ago Therecord.media

Ex-Cybersecurity Adviser to Bush, Obama Weighs in On Current Admin - Melissa Hathaway hasn't shied away from advising corporate boards and government leaders on cybersecurity policy since leaving the White House a decade ago. Currently a member of the Centre for International Governance Innovation's board of ...
1 year ago Darkreading.com

Coinbase was primary target of recent GitHub Actions breaches - This allowed the threat actors to steal a Personal Access Token that was then used to push a malicious commit to the tj-actions/changed-files GitHub Action that once again dumps CI/CD secrets to workflow logs. It is unclear how the breach ...
2 months ago Bleepingcomputer.com

GitHub warns users to enable 2FA before upcoming deadline - GitHub is warning users that they will soon have limited functionality on the site if they do not enable two-factor authentication on their accounts. In emails sent to GitHub users on Christmas Eve, the company warned that all users contributing code ...
1 year ago Bleepingcomputer.com

Mandiant says X account brute forced without 2FA protection The Register - Well, Mandiant's carefully worded response basically said it wasn't implemented. It didn't specifically point to the policy change X announced in February 2023, which was to disable SMS-based 2FA for users who didn't pay for Twitter Blue, but some ...
1 year ago Go.theregister.com

Payoneer accounts in Argentina hacked in 2FA bypass attacks - Numerous Payoneer users in Argentina report waking up to find that their 2FA-protected accounts were hacked and funds stolen after receiving SMS OTP codes while they were sleeping. Payoneer is a financial services platform providing online money ...
1 year ago Bleepingcomputer.com

US SEC's X account hacked to announce fake Bitcoin ETF approval - The X account for the U.S. Securities and Exchange Commission was hacked today to issue a fake announcement on the approval of Bitcoin ETFs on security exchanges. The announcement came this afternoon in a now-deleted tweet from the SEC's hacked X ...
1 year ago Bleepingcomputer.com

Tracers in the Dark: The Global Hunt for the Crime Lords of Crypto - Y is the author of a book I can very greatly recommend, with the fascinating title Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency. As I dug into this cypherpunk world, around 2010 and 2011, I came upon this thing that ...
2 years ago Nakedsecurity.sophos.com

KubeCon 2023: Not Your Father's Tenable - Look, full disclosure, I've been working with Tenable for 20 since I think Ron Gula and Renaud started Tenable. Alan Shimel: That'd be around 2001, maybe, I'm going to guess because that's when I had started my security company. We get a lot of ...
1 year ago Securityboulevard.com

Speaking Freely: Lynn Hamadallah - There's been a lot of censorship for example on social media, which I've experienced myself when posting content in support of Palestine. The argument put forward was that those cases represented instances of free speech rather than hate speech. You ...
1 year ago Eff.org

Decoding the Elusive 'FedEx' Scam: An Inside Look at the Tactics and Challenges - One type of spam that is going around lately is FedEx scam calls, which have been targeting people, and are also doing the rounds. Most people have been victims of online fraud at some point in their lives. For us to better understand this scam, ...
1 year ago Cysecurity.news

New Astaroth 2FA Phishing Kit Targeting Gmail, Yahoo, Office 365, and 3rd-Party Logins - To safeguard against sophisticated phishing attacks like the Astaroth 2FA phishing kit, users should create strong, unique passwords, enable two-factor authentication (2FA) using authenticator apps, and exercise caution when handling links or ...
3 months ago Cybersecuritynews.com

Post-quantum cryptography: Code-based cryptography - One option is to use error correction codes as a cryptographic primitive. The basics Error correction codes are digital codes used to reliably send data through an unreliable channel. In a noisy channel, corruption of some of the bits would yield an ...
11 months ago Redhat.com

Former Uber CISO Speaks Out, After 6 Years, on Data Breach, SolarWinds - Joe Sullivan arrived at his sentencing hearing on May 4 this year, prepared to go to jail had the judge not gone with a parole board's recommendation of probation. A federal jury convicted the former Uber CISO months earlier on two charges of fraud ...
1 year ago Darkreading.com

Twilio will ditch its Authy desktop 2FA app in August, goes mobile only - The Authy desktop apps for Windows, macOS, and Linux will be discontinued in August 2024, with the company recommending users switch to a mobile version of the two-factor authentication app. Authy is an authenticator app that allows users to set up ...
1 year ago Bleepingcomputer.com

SEC confirms X account was hacked in SIM swapping attack - The U.S. Securities and Exchange Commission confirmed today that its X account was hacked through a SIM-swapping attack on the cell phone number associated with the account. Earlier this month, the SEC's X account was hacked to issue a fake ...
1 year ago Bleepingcomputer.com

Be one of those people that gives back to the community - During the On Air recording, I noticed that Nicole had great camera presence and was able to articulate, what most people would consider, complex topics in a language that really anyone would understand. At some point I decided to make a career ...
1 year ago Feedpress.me