Topic: Good thing for two-factor authentication. Coinbase account definitely hacked. (Read 2921 times)

Your email security should be the most important! you should have two-factor authentification on you email before anything else (of course I'm talking about your main email adress) gmail offers that and I'm sure other mail services do aswell

Chop Sticks.... Metal, bamboo or plastic? 

You should have a 2FA option on your email account as well.  If not, find one that offers it.

Yes. You have minor security with minor knowledge, they have a team working on keeping everything secure.

i just set up my google 2 step factor....


glad i saw this threadBTCBTC

Better not buy a iPhone 5S, they could cut your finger off to get into your system!

 

Ok, but this means someone hacking your Bitcoin account needs:

- Your email
- Your username on Coinbase
- Your phone number
- Access to your phone

That's a lot of stuff.  I'd say it's rather unlikely for all to be compromised by the same person without your PC being compromised.

Do you re-use the password on other sites? If so, which? This answer might point to where this is coming from.

If you don't, it might suggest that you have some form of virus/keylogger/trojan on your machine.

Recommend LastPass for managing complex and unique passwords.

Amazed people are still just realizing this.

-B-

move the coins and have a peacefull life 

I can confirm this. The amount of malware in the play store is actually disturbing. Here at college they have some pretty strict network standards as far as malware goes and my phone got kicked off the wifi because an update to one of the apps had malware with it. Rooting your phone makes it that much easier.

Post updated.

Wait...  You didn't realize someone who could guess your e-mail address could send a password reset request?

Look, careful planning and use of multiple wallets to improve security, including paper wallets or other offline wallets is smart.

Right now,  I do believe your priority should be to make sure your EMAIL account has 2-factor authentication enabled, and that you are using a SECURE  e-mail provider,  not one like Apple, that might allow  someone else to reset your email account creds by making a phone call or otherwise social-engineering support.

I would suggest booting from a bootable Linux CD  (to sidestep, just in case of PC-based malware),  log into your CB and E-mail account, and carefully go over your security questions.

Make sure none of the security questions are guessable.
MAYBE change them all  (write down and vault the new answers), for good measure.

to the OP even account with 2fa isn't safe every time... rooting your phone you are letting some people free in plus there is such a big amount of malware in play store that sooner or later someone will get what they want...

https://www.youtube.com/watch?v=6oAQoDfeN08

I wasn't pointing a finger at the OP for being insecure, I should have worded that better, sorry. Coinbase has to comply with AML laws of 50 states. I *know* that they have had to jump through a thousand hoops to do that. I work with network security, and PCI compliance (Payment Card Industry). My work is going through PCI tests now, and it is a huge headache.

Statistically, the chances are high that the OP is using Windows, which also 'by the numbers' has the highest chance of being broken into. Microsoft is dropping all updates for XP on April 8. I got an email today, estimating that 30% of people are still running XP. With no more security updates, XP will become a playground for black hats. Anyone that runs a local wallet on XP is foolish and at risk. Encrypt your wallet at the very least, please get rid of of XP at the best. Even if your wallet.dat is local, and encrypted, a keystroke logger gives  up all your passwords to everything that you log in to.

The OP may be a Mac guy, or a Linux guru, in which case that chances are very low that his PC got broken in to. Still, Coinbase has to live by much higher standards than any of us do. 2FA is a very good thing, everyone should use it when they can. Logs can be scary when you look at them, but all of that is firehose probing for common default vulnerabilities. Nobody has singled you out.

MtGox was in Japan, they had no such laws to comply with. I recommend Coinbase to my friends and family in the USA.

I can't vouch for any statistical analysis, but when I last looked at my router logs, I'd see an average of 5 probes (A single IP addresses looking for open ports) a day.  About 40% are Chinese, usually attached to a university, followed by probes from Russia, then other European and US addresses in number.   It's a little unnerving when you are aware that random people checking the lock on your door several times a day.

I trust exchanges way more than I trust myself and my setup.

I think that they were speaking generally...

However, Coinbase likely spends a great deal more money than many here do, for the sake of securing their computer systems. Although Coinbase may be targeted more than the average PC or whatever, they also are cognizant of that, and so they take steps to prevent having security threats, which is evidenced in part by the fact that they haven't suffered from any "hacks" to my knowledge.

Is there proof of this?

It just means somebody who has your email address submitted it to coinbase.  If they compromised your email, then you would have a problem.