I received an april fool just now | Bitcointalksearch.org

CryptoGuy2014

member

Activity: 90

Merit: 10

Only email I received from coinbase today was a cancelation of my BTC orders...

No joke

Seems they don't want my money:(

I may have to change exchanges if this happens again.

minimalB

donator

Activity: 674

Merit: 522

I also got several emails today from Coinbase.

Is this April Fools or real hack? I didn't click the links, though...

C10H15N

hero member

Activity: 811

Merit: 1004

Quote from: 5thStreetResearch on April 01, 2014, 12:03:12 PM

Quote from: ReCat on April 01, 2014, 12:00:28 PM

Why would this be phishing? The URLs its pointing to is straight on the Coinbase site, over HTTPS too.

https://coinbase.com/transactions/533aa310101a7b619b0001a5

How did they sign emails to be as if they were sent from coinbase too?

The only reason this would be actually dangerous is if the coinbase servers themselves were hacked and were storing passwords...

You can request bitcoin from any email address in the world through coinbase. If the email address input matches that of a coinbase user you can see their full name associated with that Coinbase account. This is not good. Someone could very easily scrape full names/email data/ coinbase account data using this method.

These payment requests, processed through the Coinbase system, are only a click and 2FA away from executing. Fortunately, I do not use Coinbase as a wallet. Unfortunately, I and others use them for BTC purchases with fiat so customer bank ACH and credit card data is stored there.

I'm going to leave the bogus requests sitting there and see what Coinbase does about them. Roll Eyes

marcotheminer

legendary

Activity: 2072

Merit: 1049

┴puoʎǝq ʞool┴

I got the same email and paid up!

davida

sr. member

Activity: 585

Merit: 250

Quote from: FanEagle on April 01, 2014, 12:25:51 PM

I just logged in coinbase, and refused 3 requests of payment since I could not afford them. Roll Eyes

I wouldn't have refused the payment... Potentially you could be confirming to the person that requested the payment that you account does exist and it is active.

It's best to just ignore it completely.

FanEagle

legendary

Activity: 2814

Merit: 1112

Leading Crypto Sports Betting & Casino Platform

I just logged in coinbase, and refused 3 requests of payment since I could not afford them. Roll Eyes

davida

sr. member

Activity: 585

Merit: 250

Quote from: ReCat on April 01, 2014, 12:00:28 PM

Why would this be phishing? The URLs its pointing to is straight on the Coinbase site, over HTTPS too.

https://coinbase.com/transactions/533aa310101a7b619b0001a5

How did they sign emails to be as if they were sent from coinbase too?

The only reason this would be actually dangerous is if the coinbase servers themselves were hacked and were storing passwords...

I think it's just an April fool joke by someone taking advantage of the the facebook like module that shows users emails on coinbase.

Not a phishing attempt but it is good to be cautious by never clicking a link in any email you weren't expecting.

Most likely someone who wanted to highlight the problem and convince coinbase to fix it, they have known about this issue but didn't consider it a problem.

iBitcoin+

newbie

Activity: 12

Merit: 0

I received that email multiple times to the same email address

5thStreetResearch

full member

Activity: 126

Merit: 100

Quote from: ReCat on April 01, 2014, 12:00:28 PM

Why would this be phishing? The URLs its pointing to is straight on the Coinbase site, over HTTPS too.

https://coinbase.com/transactions/533aa310101a7b619b0001a5

How did they sign emails to be as if they were sent from coinbase too?

The only reason this would be actually dangerous is if the coinbase servers themselves were hacked and were storing passwords...

You can request bitcoin from any email address in the world through coinbase. If the email address input matches that of a coinbase user you can see their full name associated with that Coinbase account. This is not good. Someone could very easily scrape full names/email data/ coinbase account data using this method.

ReCat

sr. member

Activity: 406

Merit: 250

Why would this be phishing? The URLs its pointing to is straight on the Coinbase site, over HTTPS too.

https://coinbase.com/transactions/533aa310101a7b619b0001a5

How did they sign emails to be as if they were sent from coinbase too?

The only reason this would be actually dangerous is if the coinbase servers themselves were hacked and were storing passwords...

dpb

newbie

Activity: 28

Merit: 0

Quote from: 5thStreetResearch on April 01, 2014, 11:46:18 AM

Quote from: C10H15N on April 01, 2014, 11:42:23 AM

Coinbase seems to feel it's a "feature". Roll Eyes

This "feature" is going to cause some serious concerns quickly if it isn't removed. Just came across this on Twitter today (partial list of Coinbase users and email addresses) http://pastebin.com/RzWipJFb

My email address is public and I didn't get any of these requests or emails..
I'm not sure this is really that big of a deal; it might be spearheaded by a competitor to Coinbase.

5thStreetResearch

full member

Activity: 126

Merit: 100

Quote from: C10H15N on April 01, 2014, 11:42:23 AM

Coinbase seems to feel it's a "feature". Roll Eyes

This "feature" is going to cause some serious concerns quickly if it isn't removed. Just came across this on Twitter today (partial list of Coinbase users and email addresses) http://pastebin.com/RzWipJFb

C10H15N

hero member

Activity: 811

Merit: 1004

Coinbase seems to feel it's a "feature". Roll Eyes

5thStreetResearch

full member

Activity: 126

Merit: 100

Quote from: C10H15N on April 01, 2014, 10:59:54 AM

Coinbase has a PR problem Cheesy

this isn't an April fools joke. They had been warned about a security vulnerability multiple times by the same guy and refused to act... http://blog.shubh.am/full-disclosure-coinbase-security/

C10H15N

hero member

Activity: 811

Merit: 1004

Coinbase has a PR problem Cheesy

Don007

legendary

Activity: 1050

Merit: 1007

Live like there is no tomorrow!

I heard many people who received that message.

Unfortunately I think there might be some people dumb enough to sign in and let their password stolen.

Denni

full member

Activity: 125

Merit: 100

Quote from: Polycoin on April 01, 2014, 10:47:38 AM

Quote from: FanEagle on April 01, 2014, 05:38:02 AM

Happy April fool everyone!

That's strange...because I woke up today, checked my coinbase account and it has 732,342 Bitcoins in it, I then called my job, said "Fuck you guys, I quit", went back to sleep and woke up only to reply here.

Good day, good day.

Cool story, bro

Polycoin

sr. member

Activity: 294

Merit: 250

Quote from: FanEagle on April 01, 2014, 05:38:02 AM

Happy April fool everyone!

That's strange...because I woke up today, checked my coinbase account and it has 732,342 Bitcoins in it, I then called my job, said "Fuck you guys, I quit", went back to sleep and woke up only to reply here.

Good day, good day.

flounderella

sr. member

Activity: 350

Merit: 250

Bitcoin Evengelist

Have you seen this?

http://www.reddit.com/r/Bitcoin/comments/21wx59/coinbase_emails_and_names_leaked/

It's looks like coinbase emails and user names were leaked via a phishing attack that was pointed out by a researcher to coinbase a month ago and repeatedly ignored by coinbase until now?

RodeoX

legendary

Activity: 3066

Merit: 1145

The revolution will be monetized!

Are you saying i shouldn't have paid that? ...Uh oh. Cry

Topic: I received an april fool just now (Read 1806 times)