Major crypto platform Coinbase has emailed 3,420 Coinbase customers to disclose an accident with customer registration. Some registration details were apparently stored in clear text on the logs of Coinbase’s internal server, with affected customers now required to change their passwords.
Coinbase announced the news in an official blog post on Aug. 16. According to the announcement, Coinbase has resolved the root cause of the bug and the platform is confident that stored data was not “improperly accessed, misused, or compromised.”
Some users’ credentials were saved when a rare signup error occurred. When users encountered this error, Coinbase would deny their registration but still save their credentials, including username, email address, proposed password and state of residence for United States-based users.
Moreover, the announcement specified that the 3,420 individuals then submitted a new registration application, in which they used the same password. Coinbase was apparently able to determine this because the password hash would match the earlier password hash saved from the failed signup attempt.