Good thing for two-factor authentication. Coinbase account definitely hacked.

[jbrock11]

Got an authentication text from Coinbase out of the blue and thought it was suspicious so I logged on to my account and had a password reset request from China...

Guess I'm gonna have to move ALL of my coin to paper wallets. Seems like Coinbase is no longer safe even for the tiniest bit of coin I had on there.

*Edit*: This stupid fu*k has now hacked into my email. Anybody else out there with a little hacking no how, feel free to return the favor.
 IP = 27.20.238.204

[pbj sammich]

Got an authentication text from Coinbase out of the blue and thought it was suspicious so I logged on to my account and has a password reset request from China...

Guess I'm gonna have to move ALL of my coin to paper wallets. Seems like Coinbase is no longer safe even for the tiniest bit of coin I had on there.

Just out of curiousity, where you a Gox customer?

[drrussellshane]

Good thing you used two-factor authentication!

Bitcoin-related sites, as a rule, should offer TFA.

[jbrock11]

Got an authentication text from Coinbase out of the blue and thought it was suspicious so I logged on to my account and has a password reset request from China...

Guess I'm gonna have to move ALL of my coin to paper wallets. Seems like Coinbase is no longer safe even for the tiniest bit of coin I had on there.

Just out of curiousity, where you a Gox customer?

Nah, don't really mess with the exchanges much. Even though I do have an account on Cryptsy.

[jbrock11]

Good thing you used two-factor authentication!

Bitcoin-related sites, as a rule, should offer TFA.

Yea, I'm thinking it should be a requirement to start an account with all these sites. I know it's the early days and better security will be coming in the future but right now, it's the wild west out there. Can't take any chances. Especially when nobody is really offering insurance right now.

[fivejonnyfive]

I mean, I'd argue that it is safe BECAUSE of the 2 factor auth. It did exactly what it was supposed to, no?

[jbrock11]

I mean, I'd argue that it is safe BECAUSE of the 2 factor auth. It did exactly what it was supposed to, no?

The two-factor did but as I said, it's still just an option on Coinbase. Luckily I had it turned on.

I'd expect more out of their site security though. My password was pretty difficult but that didn't seem to matter at all.

[Arksun]

Got an authentication text from Coinbase out of the blue and thought it was suspicious so I logged on to my account and had a password reset request from China...

Guess I'm gonna have to move ALL of my coin to paper wallets. Seems like Coinbase is no longer safe even for the tiniest bit of coin I had on there.

I don't get it, someone made a password recovery request pretending to be you, anyone can do this, with any website, anywhere. So Coinbase shouldn't offer password recovery? As long as they don't also control your email account whats the problem?

[greenlion]

Got an authentication text from Coinbase out of the blue and thought it was suspicious so I logged on to my account and had a password reset request from China...

Guess I'm gonna have to move ALL of my coin to paper wallets. Seems like Coinbase is no longer safe even for the tiniest bit of coin I had on there.

I don't get it, someone made a password recovery request pretending to be you, anyone can do this, with any website, anywhere. So Coinbase shouldn't offer password recovery? As long as they don't also control your email account whats the problem?

I would immediately change your email account's password, because the above scenario is absolutely correct, and for someone to have bothered to do this in the first place, they likely would've had reason to believe they were in control of your email.

[farlack]

I mean, I'd argue that it is safe BECAUSE of the 2 factor auth. It did exactly what it was supposed to, no?

The two-factor did but as I said, it's still just an option on Coinbase. Luckily I had it turned on.

I'd expect more out of their site security though. My password was pretty difficult but that didn't seem to matter at all.

So the 2F worked, how is it unsafe?

[101Official]

So the 2F worked, how is it unsafe?

Sounds like everything is working as expected.

[nanobtc]

Statistically, your home PC is probably a greater risk than Coinbase.

[cozytrade]

Got an authentication text from Coinbase out of the blue and thought it was suspicious so I logged on to my account and had a password reset request from China...

Password reset request does not indicate any successful hack. How come do you think your account is definitely hacked.

Just because it is from China? 

[amspir]

Got an authentication text from Coinbase out of the blue and thought it was suspicious so I logged on to my account and had a password reset request from China...

It just means somebody who has your email address submitted it to coinbase.  If they compromised your email, then you would have a problem.

[Vitamin]

Statistically, your home PC is probably a greater risk than Coinbase.

Is there proof of this?

[drrussellshane]

Statistically, your home PC is probably a greater risk than Coinbase.

Is there proof of this?

I think that they were speaking generally...

However, Coinbase likely spends a great deal more money than many here do, for the sake of securing their computer systems. Although Coinbase may be targeted more than the average PC or whatever, they also are cognizant of that, and so they take steps to prevent having security threats, which is evidenced in part by the fact that they haven't suffered from any "hacks" to my knowledge.

[edok]

Statistically, your home PC is probably a greater risk than Coinbase.

I trust exchanges way more than I trust myself and my setup.

[amspir]

Statistically, your home PC is probably a greater risk than Coinbase.

Is there proof of this?

I can't vouch for any statistical analysis, but when I last looked at my router logs, I'd see an average of 5 probes (A single IP addresses looking for open ports) a day.  About 40% are Chinese, usually attached to a university, followed by probes from Russia, then other European and US addresses in number.   It's a little unnerving when you are aware that random people checking the lock on your door several times a day.

[nanobtc]

I wasn't pointing a finger at the OP for being insecure, I should have worded that better, sorry. Coinbase has to comply with AML laws of 50 states. I *know* that they have had to jump through a thousand hoops to do that. I work with network security, and PCI compliance (Payment Card Industry). My work is going through PCI tests now, and it is a huge headache.

Statistically, the chances are high that the OP is using Windows, which also 'by the numbers' has the highest chance of being broken into. Microsoft is dropping all updates for XP on April 8. I got an email today, estimating that 30% of people are still running XP. With no more security updates, XP will become a playground for black hats. Anyone that runs a local wallet on XP is foolish and at risk. Encrypt your wallet at the very least, please get rid of of XP at the best. Even if your wallet.dat is local, and encrypted, a keystroke logger gives  up all your passwords to everything that you log in to.

The OP may be a Mac guy, or a Linux guru, in which case that chances are very low that his PC got broken in to. Still, Coinbase has to live by much higher standards than any of us do. 2FA is a very good thing, everyone should use it when they can. Logs can be scary when you look at them, but all of that is firehose probing for common default vulnerabilities. Nobody has singled you out.

MtGox was in Japan, they had no such laws to comply with. I recommend Coinbase to my friends and family in the USA.

[joshua3m]

to the OP even account with 2fa isn't safe every time... rooting your phone you are letting some people free in plus there is such a big amount of malware in play store that sooner or later someone will get what they want...

https://www.youtube.com/watch?v=6oAQoDfeN08