Black Hawk Online Games: After data leak: Bitcoin wallet service Coinbase faces phishing attacks

Information about its merchants’ names, e-mail addresses, and product details on the Coinbase website were publicly, and presumably accidentally exposed by Bitcoin wallet service Coinbase. Thus making the exposed e-mail addresses the target of phishing attacks.

Coinbase says only certain Coinbase merchants had their email addresses exposed. They assured that there were no transaction receipts leaked, as the previous story initially stated.

Coinbase is a Y Combinator-backed startup. It is a well-known service for holding or keeping users’ bitcoins.

“Checkouts”, it was the label of the URLs pages. These pages appear to be transaction receipts. An example was a 0.05 BTC ($6.85) transaction labeled as a donation. The other one was a $980 transaction for “8 managed VPS hosts” from a company called cachedd. And third was a 229.99 BTC ($31,508) transaction for “AVALANCHE SPA POWDER.”

In a one of recent blog post, Coinbase warned users to “beware of a phishing attack.” Someone has been sending e-mails to Coinbase users claiming that they need to log in to confirm recent transactions but directing them to a website not controlled by Coinbase. Late Friday morning, the leaked information was still publicly available on the Coinbase website.

There is no proof of a security problem with the Coinbase site. As long as users don’t fall for the phishing scheme, their funds should be safe.

Update: Coinbase response: Your information is not going to be shown on one of these pages unless you created a “buy now”/donate button or checkout page and posted a public link to it somewhere. Order pages are designed to be public so customers can reach them, although we should have taken more care to not make them easily indexible by Google.

The email in particular, although we encoded using hex encoding to make it more difficult to scrape, should not be shown on that page. We will take a look today at some ways to get it removed from the Google cache, and avoid having these pages indexed. Will post an official response on our blog shortly. Sorry for the scare!

In short – no customer information is public. Only the emails of a subset of merchants who have placed their widgets on public websites

A Q and A was as well posted on Coinbase blog.

A previous version of the story described the pages Google indexed as “transaction receipts,” but Coinbase says they’re actually merchants’ product pages. According to Coinbase, “There wasn’t any transaction data, customer data, or receipts leaked,” though they say that displaying merchants’ email addresses was a mistake. We’ve updated the story accordingly and we regret the error. http://blackhawkmines-online.com/2013/04/10/black-hawk-online-games-after-data-leak-bitcoin-wallet-service-coinbase-faces-phishing-attacks/

Related Articles - black, hawk, mines, online, games, reviews,

Email this Article to a Friend! Receive Articles like this one direct to your email box! Subscribe for free today!