Pages:
Author

Topic: Has my data been breached? (Read 251 times)

hero member
Activity: 1750
Merit: 904
December 07, 2021, 01:38:39 PM
#24
<…>
I’m not sure I’m following the situation properly now. I figure you’ve got full control over the account, changed the password, but preserved de associated email.

One way to go would be to precisely change the email linked to the account, replacing it with a clean one that is not going to belong to any spam/hack lists around.

If you simply want to close the account, the procedure is described here:
https://help.coinbase.com/en/coinbase/managing-my-account/update-my-account/how-can-i-close-my-account

Now that you're mentioning, I can't actually recall changing the password last time I logged in, I'm pretty sure I did a stupid, and actually forgot to change the password. However, I'm still going to proceed closing the account, since it's already associated with a compromised email address.

Thank you.
@Ultegra134, recently there was one thread in which someone described exactly this method, and it is about hackers coming into possession of your login data, and all they need is 2FA code. In an attempt to deceive the user they do the following :

How do they do that? They send you a phishing text messages stating your account may have been compromised, and request that you text-reply the authorization code you are about to receive to confirm your identity. The bad guys then attempt a login to the target website using your username/password. That login triggers a text message to you containing the authentication code.

The bad guys now send another phishing text to your phone requesting that authentication code sent by the website. If you fall for this phishing attempt and text the authentication code back to the bad guys, they immediately enter that code, finalize the login for that target website and immediately change the password/security/phone numbers associated with that account. You are now locked out of your account and they have it for their use!

In addition to changing the e-mail and password on that exchange, you can also try to block the number from which these messages come from or turn off 2FA on the exchange.

That's not exactly the case, this is actually an text from Coinbase, provided that I don't want to use Coinbase, I could potentially be okay by blocking the number.
legendary
Activity: 3234
Merit: 5637
Blackjack.fun-Free Raffle-Join&Win $50🎲
December 07, 2021, 10:23:57 AM
#23
@Ultegra134, recently there was one thread in which someone described exactly this method, and it is about hackers coming into possession of your login data, and all they need is 2FA code. In an attempt to deceive the user they do the following :

How do they do that? They send you a phishing text messages stating your account may have been compromised, and request that you text-reply the authorization code you are about to receive to confirm your identity. The bad guys then attempt a login to the target website using your username/password. That login triggers a text message to you containing the authentication code.

The bad guys now send another phishing text to your phone requesting that authentication code sent by the website. If you fall for this phishing attempt and text the authentication code back to the bad guys, they immediately enter that code, finalize the login for that target website and immediately change the password/security/phone numbers associated with that account. You are now locked out of your account and they have it for their use!

In addition to changing the e-mail and password on that exchange, you can also try to block the number from which these messages come from or turn off 2FA on the exchange.
legendary
Activity: 2338
Merit: 10802
There are lies, damned lies and statistics. MTwain
December 07, 2021, 09:29:31 AM
#22
<…>
I’m not sure I’m following the situation properly now. I figure you’ve got full control over the account, changed the password, but preserved de associated email.

One way to go would be to precisely change the email linked to the account, replacing it with a clean one that is not going to belong to any spam/hack lists around.

If you simply want to close the account, the procedure is described here:
https://help.coinbase.com/en/coinbase/managing-my-account/update-my-account/how-can-i-close-my-account
hero member
Activity: 1750
Merit: 904
December 07, 2021, 08:52:55 AM
#21
Okay, this is getting rather annoying, second text I receive within a week, at approximately 6 am in the morning. Because I'm definitely bound to receive more of these texts, is there an actual way to permanently delete my account on Coinbase?

hero member
Activity: 1750
Merit: 904
December 04, 2021, 06:04:54 AM
#20
<…>
Since your data seems to have been pawned, it is prone to being used for all sorts of things (hacking, phishing, spamming, etc.), rather than just change passwords, it may pay off better to consider creating new emails and starting afresh, rethinking your email/credential strategy (i.e. how many emails to use and where + password manager + 2fa), and changing the credentials on the relevant sites.

I’ve gone through the above quite a few times, and although it’s cumbersome to change credentials on a wide range of sites, it’s something I try to do recurrently (done it with the phone number a few times too, although that has other implications).
That was the main reason I created a new email, quite a few years ago, and is now my main one. There are little accounts that I frequently use, associated with the old email, while I've proceeded and changed the password in most of them. It's just startled me to receive such a text message on my phone, I don't recall adding it back then, because I possibly had an older number. I must have added it a few months ago, in an attempt to retrieve my old Coinbase account, in case it had any funds deposited.
legendary
Activity: 2338
Merit: 10802
There are lies, damned lies and statistics. MTwain
December 04, 2021, 04:11:11 AM
#19
<…>
Since your data seems to have been pawned, it is prone to being used for all sorts of things (hacking, phishing, spamming, etc.), rather than just change passwords, it may pay off better to consider creating new emails and starting afresh, rethinking your email/credential strategy (i.e. how many emails to use and where + password manager + 2fa), and changing the credentials on the relevant sites.

I’ve gone through the above quite a few times, and although it’s cumbersome to change credentials on a wide range of sites, it’s something I try to do recurrently (done it with the phone number a few times too, although that has other implications).
hero member
Activity: 1750
Merit: 904
December 04, 2021, 03:51:51 AM
#18
You can check your email
It does not directly show your Coinbase account was compromised because of your data was breached but if your email was breached, something bad would happen.
Thank you for sharing this guide, never knew that such feature was actually provided by Google. It claims that I've got 12 compromised passwords, while a handful of reused passwords. Fortunately, the compromised ones weren't on any significant website, however, I'll need to start updating my passwords, just to be on the safe side.
legendary
Activity: 2310
Merit: 4085
Farewell o_e_l_e_o
December 04, 2021, 02:04:51 AM
#17
You can check your email
It does not directly show your Coinbase account was compromised because of your data was breached but if your email was breached, something bad would happen.
hero member
Activity: 1750
Merit: 904
December 03, 2021, 06:01:38 PM
#16
The good news, however, is that it's by an old email address, which I rarely use now, but does indeed still feature some websites I still use (such as Bitcointalk, old Coinbase account, Blockchain.com wallets). It's safe to say, that I need to take some precautions, despite the associated email address being old.
I have had my login data get leaked before due to a data breach on one of the forums. You might want to check all the old site you registered using the old email address and password. This includes other important sites/apps like Dropbox, Google Drive, Spotify accounts, Amazon or any other account that may be connected to your PayPal or credit card etc

That where most hackers look into apart from the crypto exchanges and web wallets
I've changed most of them, at least the important ones, such as PayPal and Amazon, not sure if I've left anything useful there, except some email/shop subscriptions. The only one I haven't changed is Bitcointalk, because it firstly flags your account that the email has been changed, and secondly, because I've quite recently changed the password here, while I've also done it in the past, so there's no risk involved.
legendary
Activity: 2338
Merit: 1261
Heisenberg
December 03, 2021, 04:55:39 PM
#15
The good news, however, is that it's by an old email address, which I rarely use now, but does indeed still feature some websites I still use (such as Bitcointalk, old Coinbase account, Blockchain.com wallets). It's safe to say, that I need to take some precautions, despite the associated email address being old.
I have had my login data get leaked before due to a data breach on one of the forums. You might want to check all the old site you registered using the old email address and password. This includes other important sites/apps like Dropbox, Google Drive, Spotify accounts, Amazon or any other account that may be connected to your PayPal or credit card etc

That where most hackers look into apart from the crypto exchanges and web wallets
HCP
legendary
Activity: 2086
Merit: 4361
December 03, 2021, 04:12:20 PM
#14
Indeed, that SMS message is from someone attempting to login or reset your password etc.

So, it seems someone has got to your email/login details as they work through the data dumps from the many, many security breaches Undecided  They'll have scripts setup to test each one and see if they're still valid and/or work on other websites as well... Don't be too surprised if you start getting more "Password reset" links or other security warnings from various places.
hero member
Activity: 1750
Merit: 904
December 03, 2021, 03:46:15 PM
#13
<…>
It’s quite likely that your email, old as it may be, has been involved in some data breach somewhere, possibly with an associated password, and that this data is being used to try to see if you’ve used the login/password on Coinbase. Those multiple attempts from different IPs might point to different users of the hypothesised data list, or different attempts with variations on the password (+ shifting IP). This is of course my speculation on the information shown on the log. Also the source for the failes attempts is API, which I figure is used on attack vectors often.

If you are unsure if you’ve actually reused passwords here and there, it’s best to change the credentials of those sites where you were using that email (perhaps best anyway), whether they have 2FA active or not.
Yeah, my childhood/teenage mistakes. It's one of the first emails I created and used daily for most of my signups. I submitted it on the website a previous poster mentioned, and it has been pwned multiple times, it's associated with more than 12-14 data leaks. I've changed my password since then, obviously. My guess is that they're trying to see if they can gain access to popular websites, especially those that are financial institutions.
legendary
Activity: 2338
Merit: 10802
There are lies, damned lies and statistics. MTwain
December 03, 2021, 02:37:35 PM
#12
<…>
It’s quite likely that your email, old as it may be, has been involved in some data breach somewhere, possibly with an associated password, and that this data is being used to try to see if you’ve used the login/password on Coinbase. Those multiple attempts from different IPs might point to different users of the hypothesised data list, or different attempts with variations on the password (+ shifting IP). This is of course my speculation on the information shown on the log. Also the source for the failes attempts is API, which I figure is used on attack vectors often.

If you are unsure if you’ve actually reused passwords here and there, it’s best to change the credentials of those sites where you were using that email (perhaps best anyway), whether they have 2FA active or not.
hero member
Activity: 1750
Merit: 904
December 03, 2021, 10:28:22 AM
#11
Thank you for all your responses, I appreciate each and every one of you for spending time to reply here. Okay, now I have both good and bad news. Firstly, starting with the bad news, my first assumption was correct, it's pretty safe to say that I've been pwned and some data of mine have been breached (see attached photo).


The good news, however, is that it's by an old email address, which I rarely use now, but does indeed still feature some websites I still use (such as Bitcointalk, old Coinbase account, Blockchain.com wallets). It's safe to say, that I need to take some precautions, despite the associated email address being old.

legendary
Activity: 2212
Merit: 7064
December 03, 2021, 05:13:45 AM
#10
Could it be a random coincidence, is there a way to see my recent login locations on Coinbase?
Did you receive this message on your phone number as sms or on your email address?
Look for the source of sender (his number or email address) and contact Coinbase support.
This could mean that your information got leaked, and it doesn't have to be connected with your Coinbase account, maybe you purchased ledger hardware wallet or you got pwnd in some other way.
hero member
Activity: 3038
Merit: 634
December 03, 2021, 05:09:50 AM
#9
I've experienced that many times in the other websites that I've signed up with my old email. Not surprising that probably someone has merged and taken your email elsewhere that they've hacked and tried it to Coinbase and any other exchanges that you probably have registered.

Do you remember other websites where you've signed up that email you've used for that Coinbase account?

donator
Activity: 4760
Merit: 4323
Leading Crypto Sports Betting & Casino Platform
December 03, 2021, 03:32:45 AM
#8
LOL.  "Don't share this code with anyone."  Puts code on the internet...
legendary
Activity: 2702
Merit: 4002
December 03, 2021, 03:27:57 AM
#7
There are many assumptions that are better than hacking. For example, when you visit any site and add your number with "Accept cookies," it will appear to them that you have logged in or registered in coinbase, and therefore they can use it to access your account and try to either guess the password or just someone typed the number wrong.

In short, avoid sharing your number on any social media or at least allocate two numbers (personal & public number) for it.
legendary
Activity: 2268
Merit: 1379
Fully Regulated Crypto Casino
December 03, 2021, 02:10:07 AM
#6
Sure, it could be a random coincidence, nothing new with technology going apeshit. However, I think that maybe a breach didn't happen, but someone did try to breach it and a verification code was sent to your phone and they are out of luck. Maybe. I mean, the technology is getting better and better and data breachers have a lot more tools at their disposal nowadays, so I wouldn't be surprised.
Or yet a random guessing? Not sure though the breacher possibly trying to check out whose active with those accounts that they have been pentrared and somehow get a way to do some malicious trick over the Internet and eventually used it and scam others.

Damn if this kind of hacking is quite advance means everyone is on danger.
legendary
Activity: 1932
Merit: 1273
December 03, 2021, 01:58:41 AM
#5
Another thing you can do is you can check whether your email has been leaked or not using https://haveibeenpwned.com/. Just to be safe, make sure you aren't using the same password across different websites.

I was also once got an unknown sign in attempt on my unused Coinbase account, even I know the IP and the device who trying to access my account, there's nothing I can do except to not reuse the same password and active 2FA on many other online accounts.
Pages:
Jump to: