Coinbase User Data Leak? | Bitcointalksearch.org

zedicus

legendary

Activity: 966

Merit: 1004

CryptoTalk.Org - Get Paid for every Post!

Quote from: brian_armstrong on April 05, 2013, 10:52:57 AM

Coinbase CEO here.

Just updated with a blog post: http://blog.coinbase.com/post/47198421272/data-on-public-merchant-pages

These are merchant checkout pages. Your information is not going to be shown on one of these pages unless you created a "buy now" button, donate button, or checkout page and posted a public link to it somewhere as a merchant. Order pages are designed to be public so customers can reach them, but we messed up by making them publicly indexable and including merchant contact info there without being more explicit. The email in particular should not have been included. More details in the blog post. Very sorry for the trouble on this!

Thanks brian for chiming in.. as a coinbase user myself i echo lukestokes sentiment.

Best,
Zedicus

Zangelbert Bingledack

legendary

Activity: 1036

Merit: 1000

Well that's a relief. This had a lot of people freaking out on reddit, what with the Instawallet hack and other perpetual issues we start to wonder if everything is just randomly exploding.

axus

full member

Activity: 129

Merit: 100

People were pointing out "innocuous" problems with Instawallet's website a while back. It definitely makes you wonder.

MPOE-PR

hero member

Activity: 756

Merit: 522

Quote from: Severian on April 05, 2013, 09:29:32 AM

Quote from: Tonko on April 05, 2013, 08:53:02 AM

An example that, even if you get a business side right, if you get shitty programmers, things won't fly.

They got the "get the money from the muppets" part of the business right anyway.

A. They didn't get the business side right. At all.
B. A business composed of programmers will always fail. Because programmers suck. At life.

And here's a fine example of Ycombinator being the freakshow that it is:

Quote

It's one thing to lose people's bitcoins or randomly delay/cancel transactions (both of which Coinbase has been accused of). People know that bitcoin is still young and the companies supporting it are inexperienced, so they expect that.

We expect Central Casting "entrepreneurs" to lose our Bitcoins. Har har.

lukestokes

full member

Activity: 165

Merit: 102

Live life on purpose

Quote from: brian_armstrong on April 05, 2013, 10:52:57 AM

Coinbase CEO here.

What we're looking at is a list of merchant checkout pages. It is the information merchants fill out on this page:

http://cl.ly/image/2P2s2a0j002e

Or https://coinbase.com/merchant_settings

Your information is not going to be shown on one of these pages unless you created a "buy now"/donate button or checkout page and posted a public link to it somewhere. Order pages are designed to be public so customers can reach them, although we should have taken more care to not make them easily indexible by Google.

The email in particular, although we encoded using hex encoding to make it more difficult to scrape, should not be shown on that page. We will take a look today at some ways to get it removed from the Google cache, and avoid having these pages indexed.

We will post a public response on our blog shortly. Sorry for the scare!

Thank you for the update, Brian. I'm glad to see CEO's here in the forums. Right now, in the just-out-of-toddler stages of Bitcoin, this forum, the IRC channel and the Subreddit are the lifeblood of the system. Quick, honest communication is critical to keep things flowing.

brian_armstrong

newbie

Activity: 29

Merit: 0

Coinbase CEO here.

Just updated with a blog post: http://blog.coinbase.com/post/47198421272/data-on-public-merchant-pages

These are merchant checkout pages. Your information is not going to be shown on one of these pages unless you created a "buy now" button, donate button, or checkout page and posted a public link to it somewhere as a merchant. Order pages are designed to be public so customers can reach them, but we messed up by making them publicly indexable and including merchant contact info there without being more explicit. The email in particular should not have been included. More details in the blog post. Very sorry for the trouble on this!

tylercrumpton

newbie

Activity: 6

Merit: 0

I commented with this on the Reddit post, but I'll put it here as well.

Quote

From my preliminary research here is what I see has happened:

When you add a "Buy with Bitcoin" button from Coinbase to your website (as a merchant), it allows the user to click the button to open a Coinbase page/popup to allow you to pay for an item, donate, etc. This button already displays your name, email, and address. When the googlebot comes crawling around your site, it finds the button, follows the link, and indexes the transaction page.

It does not appear that transactions themselves (an individual purchase) are indexed, nor do I see anyway that would be possible without a major mix-up on Coinbase's side. The only thing that google has cached is essentially a list of "Buy With Bitcoin" buttons.

Feel free to correct me if I missed something here, but I just wanted to help prevent the FUD of "OMG COINBASE ARE LIKE GOOGLE-POSTING MY PURCHASES".

Zangelbert Bingledack

legendary

Activity: 1036

Merit: 1000

Quote from: RaTTuS on April 05, 2013, 07:50:14 AM

https://bitcointalksearch.org/topic/coinbase-redit-167890
one post below you ! Wink

This got moved here from Discussion for some reason. Seems serious enough, so I posted it there.

Severian

sr. member

Activity: 476

Merit: 250

Quote from: Tonko on April 05, 2013, 08:53:02 AM

An example that, even if you get a business side right, if you get shitty programmers, things won't fly.

They got the "get the money from the muppets" part of the business right anyway.

lukestokes

full member

Activity: 165

Merit: 102

Live life on purpose

Anyone else feel like this will be all over the news soon? The haters are surely looking for more mud to sling. I wonder if it will shake some coin free from loose hands who thought any transaction using Bitcoin is fully and completely anonymous.

Tonko

full member

Activity: 126

Merit: 100

Quote from: Severian on April 05, 2013, 07:54:52 AM

I had no idea their founder is a Goldman Sachs alum:

https://angel.co/fred-ehrsam/activity

Coinbase is the Bankers' Revenge.

An example that, even if you get a business side right, if you get shitty programmers, things won't fly.

mccoyspace

full member

Activity: 237

Merit: 101

This doesn't seem like that big of a deal. It's not like the instawallet / easywallet google hole.

jamesg

vip

Activity: 1358

Merit: 1000

AKA: gigavps

Here is a nice little google search of all the checkout pages: Do it

Mark Oates

full member

Activity: 168

Merit: 100

Sooo, I'm confused...

This is no different than a person selling something on their website with paypal, and in the form:

[email protected] ">

Except someone found a way to access the addresses of these prefab coinbase buy-now buttons that these merchants put into their websites?

Severian

sr. member

Activity: 476

Merit: 250

I had no idea their founder is a Goldman Sachs alum:

https://angel.co/fred-ehrsam/activity

Coinbase is the Bankers' Revenge.

RaTTuS

hero member

Activity: 792

Merit: 1000

Bite me

https://bitcointalksearch.org/topic/coinbase-redit-167890
one post below you ! Wink

🏰 TradeFortress 🏰

vip

Activity: 1316

Merit: 1043

👻

Oh hey.

https://coinbase.com/checkouts/6690dd13bc9b07e4c9f0217ecd7f8aed

Or hey.

https://coinbase.com/checkouts/672b4c4fdf589693aecb25289a3cd872

They never heard of noindex?

Zangelbert Bingledack

legendary

Activity: 1036

Merit: 1000

http://www.reddit.com/r/Bitcoin/comments/1bq2p8/coinbase_publishes_your_name_and_email_publicly/

This looks bad.

Topic: Coinbase User Data Leak? (Read 21462 times)