Pages:
Author

Topic: I received an april fool just now (Read 1809 times)

member
Activity: 90
Merit: 10
April 01, 2014, 02:08:33 PM
#30
Only email I received from coinbase today was a cancelation of my BTC orders...

No joke

Seems they don't want my money:(

I may have to change exchanges if this happens again.
donator
Activity: 674
Merit: 523
April 01, 2014, 02:00:30 PM
#29
I also got several emails today from Coinbase.

Is this April Fools or real hack? I didn't click the links, though...
legendary
Activity: 948
Merit: 1026
April 01, 2014, 11:35:44 AM
#28
Why would this be phishing? The URLs its pointing to is straight on the Coinbase site, over HTTPS too.

https://coinbase.com/transactions/533aa310101a7b619b0001a5

How did they sign emails to be as if they were sent from coinbase too?

The only reason this would be actually dangerous is if the coinbase servers themselves were hacked and were storing passwords...

You can request bitcoin from any email address in the world through coinbase.  If the email address input matches that of a coinbase user you can see their full name associated with that Coinbase account.  This is not good.  Someone could very easily scrape full names/email data/ coinbase account data using this method.

These payment requests, processed through the Coinbase system, are only a click and 2FA away from executing.  Fortunately, I do not use Coinbase as a wallet. Unfortunately, I and others use them for BTC purchases with fiat so customer bank ACH and credit card data is stored there.

I'm going to leave the bogus requests sitting there and see what Coinbase does about them.  Roll Eyes
legendary
Activity: 2072
Merit: 1049
┴puoʎǝq ʞool┴
April 01, 2014, 11:33:14 AM
#27
I got the same email and paid up! Smiley
sr. member
Activity: 585
Merit: 250
April 01, 2014, 11:28:41 AM
#26
I just logged in coinbase, and refused 3 requests of payment since I could not afford them.  Roll Eyes

I wouldn't have refused the payment... Potentially you could be confirming to the person that requested the payment that you account does exist and it is active. 

It's best to just ignore it completely.
legendary
Activity: 3066
Merit: 1129
April 01, 2014, 11:25:51 AM
#25
I just logged in coinbase, and refused 3 requests of payment since I could not afford them.  Roll Eyes
sr. member
Activity: 585
Merit: 250
April 01, 2014, 11:24:50 AM
#24
Why would this be phishing? The URLs its pointing to is straight on the Coinbase site, over HTTPS too.

https://coinbase.com/transactions/533aa310101a7b619b0001a5

How did they sign emails to be as if they were sent from coinbase too?

The only reason this would be actually dangerous is if the coinbase servers themselves were hacked and were storing passwords...

I think it's just an April fool joke by someone taking advantage of the the facebook like module that shows users emails on coinbase.

Not a phishing attempt but it is good to be cautious by never clicking a link in any email you weren't expecting.

Most likely someone who wanted to highlight the problem and convince coinbase to fix it, they have known about this issue but didn't consider it a problem.
newbie
Activity: 12
Merit: 0
April 01, 2014, 11:12:46 AM
#23
I received that email multiple times to the same email address
full member
Activity: 126
Merit: 100
April 01, 2014, 11:03:12 AM
#22
Why would this be phishing? The URLs its pointing to is straight on the Coinbase site, over HTTPS too.

https://coinbase.com/transactions/533aa310101a7b619b0001a5

How did they sign emails to be as if they were sent from coinbase too?

The only reason this would be actually dangerous is if the coinbase servers themselves were hacked and were storing passwords...

You can request bitcoin from any email address in the world through coinbase.  If the email address input matches that of a coinbase user you can see their full name associated with that Coinbase account.  This is not good.  Someone could very easily scrape full names/email data/ coinbase account data using this method.
sr. member
Activity: 406
Merit: 250
April 01, 2014, 11:00:28 AM
#21
Why would this be phishing? The URLs its pointing to is straight on the Coinbase site, over HTTPS too.

https://coinbase.com/transactions/533aa310101a7b619b0001a5

How did they sign emails to be as if they were sent from coinbase too?

The only reason this would be actually dangerous is if the coinbase servers themselves were hacked and were storing passwords...
dpb
newbie
Activity: 28
Merit: 0
April 01, 2014, 10:51:24 AM
#20
Coinbase seems to feel it's a "feature".   Roll Eyes

This "feature" is going to cause some serious concerns quickly if it isn't removed.  Just came across this on Twitter today (partial list of Coinbase users and email addresses) http://pastebin.com/RzWipJFb

My email address is public and I didn't get any of these requests or emails..
I'm not sure this is really that big of a deal; it might be spearheaded by a competitor to Coinbase.
full member
Activity: 126
Merit: 100
April 01, 2014, 10:46:18 AM
#19
Coinbase seems to feel it's a "feature".   Roll Eyes

This "feature" is going to cause some serious concerns quickly if it isn't removed.  Just came across this on Twitter today (partial list of Coinbase users and email addresses) http://pastebin.com/RzWipJFb
legendary
Activity: 948
Merit: 1026
April 01, 2014, 10:42:23 AM
#18
Coinbase seems to feel it's a "feature".   Roll Eyes
full member
Activity: 126
Merit: 100
April 01, 2014, 10:22:35 AM
#17
Coinbase has a PR problem Cheesy



this isn't an April fools joke.  They had been warned about a security vulnerability multiple times by the same guy and refused to act... http://blog.shubh.am/full-disclosure-coinbase-security/
legendary
Activity: 948
Merit: 1026
April 01, 2014, 09:59:54 AM
#16
Coinbase has a PR problem Cheesy

legendary
Activity: 1050
Merit: 1007
Live like there is no tomorrow!
April 01, 2014, 09:53:19 AM
#15
I heard many people who received that message.

Unfortunately I think there might be some people dumb enough to sign in and let their password stolen.
full member
Activity: 125
Merit: 100
April 01, 2014, 09:51:04 AM
#14


Happy April fool everyone!

That's strange...because I woke up today, checked my coinbase account and it has 732,342 Bitcoins in it, I then called my job, said "Fuck you guys, I quit", went back to sleep and woke up only to reply here.

Good day, good day.
Cheesy Cool story, bro
sr. member
Activity: 294
Merit: 250
April 01, 2014, 09:47:38 AM
#13


Happy April fool everyone!

That's strange...because I woke up today, checked my coinbase account and it has 732,342 Bitcoins in it, I then called my job, said "Fuck you guys, I quit", went back to sleep and woke up only to reply here.

Good day, good day.
sr. member
Activity: 350
Merit: 250
Bitcoin Evengelist
April 01, 2014, 09:45:15 AM
#12
Have you seen this?

http://www.reddit.com/r/Bitcoin/comments/21wx59/coinbase_emails_and_names_leaked/


It's looks like coinbase emails and user names were leaked via a phishing attack that was pointed out by a researcher to coinbase a month ago and repeatedly ignored by coinbase until now?
legendary
Activity: 3066
Merit: 1147
The revolution will be monetized!
April 01, 2014, 09:31:34 AM
#11
Are you saying i shouldn't have paid that? ...Uh oh. Cry
Pages:
Jump to: