CyberSecurityBoard
Sponsor Register Login

Coinbase to fix 2FA account activity entry freaking out users

Unfortunately, BleepingComputer was told that threat actors use these erroneous error messages as part of social engineering attacks that attempt to breach Coinbase accounts by making targets think their credentials are compromised. Coinbase is fixing a misleading account activity message that has caused confusion and anxiety, making users think their credentials were compromised. However, it turns out that the "second_factor_failure" or "2-step verification failed" account activity messages are shown in two different scenarios—when a user incorrectly enters the wrong 2FA code or when someone tries to log into their account with the wrong password. After receiving Coinbase phishing emails or texts, they logged into their accounts and checked the activity log, finding numerous entries stating "second_factor_failure" or "2-step verification failed" with login attempts from unusual locations. BleepingComputer was able to confirm this by logging into someone's account with the wrong password and the person telling us that their account activity page soon showed the mislabeled 2FA error. Coinbase has told BleepingComputer that they are looking into changing the error message when an incorrect password is entered but that there is no time frame as to when this occurs. As a reminder, Coinbase will never text or call you about suspicious activity on your account, so if you receive a phone call or text message, just ignore it and do not engage with the scammers. Coinbase account activity showing 2-step verification failed message. Making matters worse, these users claimed to have a complex, unique password at Coinbase, and there were no signs of malware on their devices, making them believe that Coinbase had been breached. Two-factor authentication prompts usually occur after a user successfully logs in with their credentials, so they immediately thought that their passwords were compromised and that only 2FA saved them from their account being hacked. Over the past couple of weeks, numerous people have contacted BleepingComputer about concerns that they think Coinbase has a serious security issue. Lawrence Abrams Lawrence Abrams is the owner and Editor in Chief of BleepingComputer.com. Lawrence's area of expertise includes Windows, malware removal, and computer forensics. "I think they mean that the error doesnt [sic] give any actual detail of what happened," a Coinbase customer posted to Reddit.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Sat, 05 Apr 2025 15:40:16 +0000


Cyber News related to Coinbase to fix 2FA account activity entry freaking out users

Coinbase to fix 2FA account activity entry freaking out users - Unfortunately, BleepingComputer was told that threat actors use these erroneous error messages as part of social engineering attacks that attempt to breach Coinbase accounts by making targets think their credentials are compromised. Coinbase is ...
1 month ago Bleepingcomputer.com
Coinbase fixes 2FA log error making people think they were hacked - As BleepingComputer first reported earlier this month, Coinbase had mistakenly labeled failed login attempts with incorrect passwords as two-factor authentication failues in the Account Activity logs. These mislabeled entries could have also been ...
1 week ago Bleepingcomputer.com
Coinbase phishing email tricks users with fake wallet migration - A large-scale Coinbase phishing attack poses as a mandatory wallet migration, tricking recipients into setting up a new wallet with a pre-generated recovery phrase controlled by attackers. Instead, the phishing email includes a recovery phrase, which ...
1 month ago Bleepingcomputer.com
MFA vs 2FA: Which Is Best for Your Business? - If a user falls for a phishing scam and their credentials are compromised, multi-factor authentication or two-factor authentication provide an additional safeguard against a breach. MFA uses authentication factors such as a pin, an SMS code, an ...
1 year ago Techrepublic.com
GitHub warns users to enable 2FA before upcoming deadline - GitHub is warning users that they will soon have limited functionality on the site if they do not enable two-factor authentication on their accounts. In emails sent to GitHub users on Christmas Eve, the company warned that all users contributing code ...
1 year ago Bleepingcomputer.com
Coinbase was primary target of recent GitHub Actions breaches - This allowed the threat actors to steal a Personal Access Token that was then used to push a malicious commit to the tj-actions/changed-files GitHub Action that once again dumps CI/CD secrets to workflow logs. It is unclear how the breach ...
1 month ago Bleepingcomputer.com
Mandiant says X account brute forced without 2FA protection The Register - Well, Mandiant's carefully worded response basically said it wasn't implemented. It didn't specifically point to the policy change X announced in February 2023, which was to disable SMS-based 2FA for users who didn't pay for Twitter Blue, but some ...
1 year ago Go.theregister.com
New phishing attack steals your Instagram backup codes to bypass 2FA - A new phishing campaign pretending to be a 'copyright infringement' email attempts to steal the backup codes of Instagram users, allowing hackers to bypass the two-factor authentication configured on the account. Two-factor authentication is a ...
1 year ago Bleepingcomputer.com
2FA-less GitLab users vulnerable to account takeovers The Register - GitLab admins should apply the latest batch of security patches pronto given the new critical account-bypass vulnerability just disclosed. Tracked as CVE-2023-7028, the maximum-severity bug exploits a change introduced in version 16.1.0 back in May ...
1 year ago Go.theregister.com CVE-2023-7028 CVE-2023-5356 CVE-2023-4812 CVE-2023-6955 CVE-2023-2030
New Astaroth 2FA Phishing Kit Targeting Gmail, Yahoo, Office 365, and 3rd-Party Logins - To safeguard against sophisticated phishing attacks like the Astaroth 2FA phishing kit, users should create strong, unique passwords, enable two-factor authentication (2FA) using authenticator apps, and exercise caution when handling links or ...
2 months ago Cybersecuritynews.com
Twilio will ditch its Authy desktop 2FA app in August, goes mobile only - The Authy desktop apps for Windows, macOS, and Linux will be discontinued in August 2024, with the company recommending users switch to a mobile version of the two-factor authentication app. Authy is an authenticator app that allows users to set up ...
1 year ago Bleepingcomputer.com
GitHub Wants All Users to Enable 2FA Before the End of 2023 - GitHub, the omnipresent nexus for developers and their code, has embarked on a decisive initiative aimed at fortifying the security of the software supply chain. In a groundbreaking announcement, the platform has set forth a mandate for two-factor ...
1 year ago Cybersecuritynews.com
Payoneer accounts in Argentina hacked in 2FA bypass attacks - Numerous Payoneer users in Argentina report waking up to find that their 2FA-protected accounts were hacked and funds stolen after receiving SMS OTP codes while they were sleeping. Payoneer is a financial services platform providing online money ...
1 year ago Bleepingcomputer.com
Gmail Hackers Leave Vital Clues Behind-Check These 3 Things Now - With more than 1.8 billion active accounts, Gmail is not only one of the most used services online but one of the most targeted by hackers. It's not hard to understand why, as Gmail soaks up around half of all email client usage by U.S. market share. ...
1 year ago Forbes.com
Phishing Campaign Targets Instagram Users, Steals Backup Codes and Circumvent 2FA Protection - A recent phishing scheme has emerged, posing as a 'copyright infringement' email to deceive Instagram users and pilfer their backup codes. These codes, integral for the recovery of accounts, are used to circumvent the two-factor authentication ...
1 year ago Cysecurity.news
Recent GitHub supply chain attack traced to leaked SpotBugs token - On March 11, 2025, the attacker used the stolen PAT to invite another dummy user (jurkaofavak) into SpotBugs, who pushed a malicious GitHub Actions workflow that exfiltrated another PAT belonging to a Reviewdog maintainer (RD_MNTNR) who also had ...
1 month ago Bleepingcomputer.com
Mandiant's X Account Was Hacked in Brute-Force Password Attack - Cyber threat intelligence giant Mandiant has shared the result of its investigation on its recent X account hijacking following a wave of crypto-related X account hacks. On January 3, 2024, the X account of Mandiant, a subsidiary of Google Cloud, was ...
1 year ago Infosecurity-magazine.com
CVE-2024-41958 - mailcow: dockerized is an open source groupware/email suite based on docker. A vulnerability has been discovered in the two-factor authentication (2FA) mechanism. This flaw allows an authenticated attacker to bypass the 2FA protection, enabling ...
7 months ago
AWS Root vs IAM User: What to Know & When to Use Them - In Amazon Web Services, there are two different privileged accounts. One is defined as Root User and the other is defined as an IAM User. In this blog, I will break down the differences of an AWS Root User versus an IAM account, when to use one ...
2 years ago Beyondtrust.com
What Can Go Wrong with Bank Online Account Opening? - Online account opening is one of the most crucial functions for banks today. They pull out their driver's license and show it to the camera on the phone or on the PC. The bank checks some data and vets the driver's license and a new account is ...
1 year ago Securityboulevard.com
CVE-2024-56581 - In the Linux kernel, the following vulnerability has been resolved: btrfs: ref-verify: fix use-after-free after invalid ref action At btrfs_ref_tree_mod() after we successfully inserted the new ref entry (local variable 'ref') into the respective ...
4 months ago Tenable.com
CSO's Guide: Water-Tight Account Security For Your Company - In today's escalating threat landscape, account takeover and credential compromise remain top attack vectors for data breaches. CSOs must mandate and implement robust account security to protect critical assets. This comprehensive guide examines ...
1 year ago Securityboulevard.com
PoisonSeed phishing campaign behind emails with wallet seed phrases - The phishing email includes a Coinbase wallet seed phrase, telling the user to enter it into a new crypto wallet as part of an upgrade or migration. If the victim follows this instruction and transfers their assets into it, they essentially ...
1 month ago Bleepingcomputer.com
What to do when receiving unprompted MFA OTP codes - Receiving an unprompted one-time passcode sent as an email or text should be a cause for concern as it likely means your credentials have been stolen. One of the initial components of a cyberattack is the theft of legitimate credentials to corporate ...
1 year ago Bleepingcomputer.com
How to Stop Your X Account From Getting Hacked Like the SEC's - This week, the United States Securities and Exchange Commission suffered an embarrassing-and market-moving-breach in which a hacker gained access to its X social media account and published fake information about a highly anticipated SEC announcement ...
1 year ago Wired.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)