Ultegra134 (OP)
|
I received the following text on my phone yesterday, which alarmed me. I have a Coinbase account but never actually use it, however, that's not the case. How the heck did I receive this message? My main concern isn't the Coinbase account, but the probability of having a data breach, which could potentially be used as a gateway to other accounts. Could it be a random coincidence, is there a way to see my recent login locations on Coinbase?
|
R |
▀▀▀▀▀▀▀██████▄▄ ████████████████ ▀▀▀▀█████▀▀▀█████ ████████▌███▐████ ▄▄▄▄█████▄▄▄█████ ████████████████ ▄▄▄▄▄▄▄██████▀▀ | LLBIT | │ | CRYPTO FUTURES | | | | | | | │ | 1,000x LEVERAGE | │ | COMPETITIVE FEES | │ | INSTANT EXECUTION | │ | . TRADE NOW |
|
|
|
noorman0
|
|
December 03, 2021, 05:57:26 AM |
|
Never experienced it so far I've never used a phone number for the exchange access method. My presumptions: - Your number is used by someone else to sign up to Coinbase. - Someone else is trying to access your account with your phone number (if it's connected). To be sure, you just need to check your login session history.
You just need to be careful with your phone number, I read one hack story that phone numbers can be bypassed.
|
This space for rent. Available in mid January 2024 - PM me
|
|
|
|
TheNineClub
|
|
December 03, 2021, 06:12:01 AM |
|
Sure, it could be a random coincidence, nothing new with technology going apeshit. However, I think that maybe a breach didn't happen, but someone did try to breach it and a verification code was sent to your phone and they are out of luck. Maybe. I mean, the technology is getting better and better and data breachers have a lot more tools at their disposal nowadays, so I wouldn't be surprised. The best thing to do is to contact Coinbase customer service and let them guide you to the best solution on how to check this.
|
|
|
|
vv181
Legendary
Offline
Activity: 1932
Merit: 1273
|
|
December 03, 2021, 06:58:41 AM |
|
Another thing you can do is you can check whether your email has been leaked or not using https://haveibeenpwned.com/. Just to be safe, make sure you aren't using the same password across different websites. I was also once got an unknown sign in attempt on my unused Coinbase account, even I know the IP and the device who trying to access my account, there's nothing I can do except to not reuse the same password and active 2FA on many other online accounts.
|
|
|
|
cryptoaddictchie
Legendary
Offline
Activity: 2198
Merit: 1323
Fully Regulated Crypto Casino
|
|
December 03, 2021, 07:10:07 AM |
|
Sure, it could be a random coincidence, nothing new with technology going apeshit. However, I think that maybe a breach didn't happen, but someone did try to breach it and a verification code was sent to your phone and they are out of luck. Maybe. I mean, the technology is getting better and better and data breachers have a lot more tools at their disposal nowadays, so I wouldn't be surprised.
Or yet a random guessing? Not sure though the breacher possibly trying to check out whose active with those accounts that they have been pentrared and somehow get a way to do some malicious trick over the Internet and eventually used it and scam others. Damn if this kind of hacking is quite advance means everyone is on danger.
|
|
|
|
hugeblack
Legendary
Offline
Activity: 2632
Merit: 3881
|
|
December 03, 2021, 08:27:57 AM |
|
There are many assumptions that are better than hacking. For example, when you visit any site and add your number with "Accept cookies," it will appear to them that you have logged in or registered in coinbase, and therefore they can use it to access your account and try to either guess the password or just someone typed the number wrong.
In short, avoid sharing your number on any social media or at least allocate two numbers (personal & public number) for it.
|
|
|
|
OgNasty
Donator
Legendary
Offline
Activity: 4858
Merit: 4591
Leading Crypto Sports Betting & Casino Platform
|
|
December 03, 2021, 08:32:45 AM |
|
LOL. "Don't share this code with anyone." Puts code on the internet...
|
..Stake.com.. | | | ▄████████████████████████████████████▄ ██ ▄▄▄▄▄▄▄▄▄▄ ▄▄▄▄▄▄▄▄▄▄ ██ ▄████▄ ██ ▀▀▀▀▀▀▀▀▀▀ ██████████ ▀▀▀▀▀▀▀▀▀▀ ██ ██████ ██ ██████████ ██ ██ ██████████ ██ ▀██▀ ██ ██ ██ ██████ ██ ██ ██ ██ ██ ██ ██████ ██ █████ ███ ██████ ██ ████▄ ██ ██ █████ ███ ████ ████ █████ ███ ████████ ██ ████ ████ ██████████ ████ ████ ████▀ ██ ██████████ ▄▄▄▄▄▄▄▄▄▄ ██████████ ██ ██ ▀▀▀▀▀▀▀▀▀▀ ██ ▀█████████▀ ▄████████████▄ ▀█████████▀ ▄▄▄▄▄▄▄▄▄▄▄▄███ ██ ██ ███▄▄▄▄▄▄▄▄▄▄▄▄ ██████████████████████████████████████████ | | | | | | ▄▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄ █ ▄▀▄ █▀▀█▀▄▄ █ █▀█ █ ▐ ▐▌ █ ▄██▄ █ ▌ █ █ ▄██████▄ █ ▌ ▐▌ █ ██████████ █ ▐ █ █ ▐██████████▌ █ ▐ ▐▌ █ ▀▀██████▀▀ █ ▌ █ █ ▄▄▄██▄▄▄ █ ▌▐▌ █ █▐ █ █ █▐▐▌ █ █▐█ ▀▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▀█ | | | | | | ▄▄█████████▄▄ ▄██▀▀▀▀█████▀▀▀▀██▄ ▄█▀ ▐█▌ ▀█▄ ██ ▐█▌ ██ ████▄ ▄█████▄ ▄████ ████████▄███████████▄████████ ███▀ █████████████ ▀███ ██ ███████████ ██ ▀█▄ █████████ ▄█▀ ▀█▄ ▄██▀▀▀▀▀▀▀██▄ ▄▄▄█▀ ▀███████ ███████▀ ▀█████▄ ▄█████▀ ▀▀▀███▄▄▄███▀▀▀ | | | ..PLAY NOW.. |
|
|
|
sunsilk
|
|
December 03, 2021, 10:09:50 AM |
|
I've experienced that many times in the other websites that I've signed up with my old email. Not surprising that probably someone has merged and taken your email elsewhere that they've hacked and tried it to Coinbase and any other exchanges that you probably have registered.
Do you remember other websites where you've signed up that email you've used for that Coinbase account?
|
|
|
|
dkbit98
Legendary
Offline
Activity: 2352
Merit: 7429
|
|
December 03, 2021, 10:13:45 AM |
|
Could it be a random coincidence, is there a way to see my recent login locations on Coinbase?
Did you receive this message on your phone number as sms or on your email address? Look for the source of sender (his number or email address) and contact Coinbase support. This could mean that your information got leaked, and it doesn't have to be connected with your Coinbase account, maybe you purchased ledger hardware wallet or you got pwnd in some other way.
|
|
|
|
Ultegra134 (OP)
|
|
December 03, 2021, 03:28:22 PM |
|
Thank you for all your responses, I appreciate each and every one of you for spending time to reply here. Okay, now I have both good and bad news. Firstly, starting with the bad news, my first assumption was correct, it's pretty safe to say that I've been pwned and some data of mine have been breached (see attached photo). The good news, however, is that it's by an old email address, which I rarely use now, but does indeed still feature some websites I still use (such as Bitcointalk, old Coinbase account, Blockchain.com wallets). It's safe to say, that I need to take some precautions, despite the associated email address being old.
|
R |
▀▀▀▀▀▀▀██████▄▄ ████████████████ ▀▀▀▀█████▀▀▀█████ ████████▌███▐████ ▄▄▄▄█████▄▄▄█████ ████████████████ ▄▄▄▄▄▄▄██████▀▀ | LLBIT | │ | CRYPTO FUTURES | | | | | | | │ | 1,000x LEVERAGE | │ | COMPETITIVE FEES | │ | INSTANT EXECUTION | │ | . TRADE NOW |
|
|
|
DdmrDdmr
Legendary
Offline
Activity: 2436
Merit: 10989
There are lies, damned lies and statistics. MTwain
|
|
December 03, 2021, 07:37:35 PM |
|
<…>
It’s quite likely that your email, old as it may be, has been involved in some data breach somewhere, possibly with an associated password, and that this data is being used to try to see if you’ve used the login/password on Coinbase. Those multiple attempts from different IPs might point to different users of the hypothesised data list, or different attempts with variations on the password (+ shifting IP). This is of course my speculation on the information shown on the log. Also the source for the failes attempts is API, which I figure is used on attack vectors often. If you are unsure if you’ve actually reused passwords here and there, it’s best to change the credentials of those sites where you were using that email (perhaps best anyway), whether they have 2FA active or not.
|
|
|
|
Ultegra134 (OP)
|
|
December 03, 2021, 08:46:15 PM |
|
<…>
It’s quite likely that your email, old as it may be, has been involved in some data breach somewhere, possibly with an associated password, and that this data is being used to try to see if you’ve used the login/password on Coinbase. Those multiple attempts from different IPs might point to different users of the hypothesised data list, or different attempts with variations on the password (+ shifting IP). This is of course my speculation on the information shown on the log. Also the source for the failes attempts is API, which I figure is used on attack vectors often. If you are unsure if you’ve actually reused passwords here and there, it’s best to change the credentials of those sites where you were using that email (perhaps best anyway), whether they have 2FA active or not. Yeah, my childhood/teenage mistakes. It's one of the first emails I created and used daily for most of my signups. I submitted it on the website a previous poster mentioned, and it has been pwned multiple times, it's associated with more than 12-14 data leaks. I've changed my password since then, obviously. My guess is that they're trying to see if they can gain access to popular websites, especially those that are financial institutions.
|
R |
▀▀▀▀▀▀▀██████▄▄ ████████████████ ▀▀▀▀█████▀▀▀█████ ████████▌███▐████ ▄▄▄▄█████▄▄▄█████ ████████████████ ▄▄▄▄▄▄▄██████▀▀ | LLBIT | │ | CRYPTO FUTURES | | | | | | | │ | 1,000x LEVERAGE | │ | COMPETITIVE FEES | │ | INSTANT EXECUTION | │ | . TRADE NOW |
|
|
|
HCP
Legendary
Offline
Activity: 2086
Merit: 4318
<insert witty quote here>
|
|
December 03, 2021, 09:12:20 PM |
|
Indeed, that SMS message is from someone attempting to login or reset your password etc. So, it seems someone has got to your email/login details as they work through the data dumps from the many, many security breaches They'll have scripts setup to test each one and see if they're still valid and/or work on other websites as well... Don't be too surprised if you start getting more "Password reset" links or other security warnings from various places.
|
|
|
|
JeromeTash
Legendary
Offline
Activity: 2268
Merit: 1243
Heisenberg
|
|
December 03, 2021, 09:55:39 PM |
|
The good news, however, is that it's by an old email address, which I rarely use now, but does indeed still feature some websites I still use (such as Bitcointalk, old Coinbase account, Blockchain.com wallets). It's safe to say, that I need to take some precautions, despite the associated email address being old.
I have had my login data get leaked before due to a data breach on one of the forums. You might want to check all the old site you registered using the old email address and password. This includes other important sites/apps like Dropbox, Google Drive, Spotify accounts, Amazon or any other account that may be connected to your PayPal or credit card etc That where most hackers look into apart from the crypto exchanges and web wallets
|
|
|
|
Ultegra134 (OP)
|
|
December 03, 2021, 11:01:38 PM |
|
The good news, however, is that it's by an old email address, which I rarely use now, but does indeed still feature some websites I still use (such as Bitcointalk, old Coinbase account, Blockchain.com wallets). It's safe to say, that I need to take some precautions, despite the associated email address being old.
I have had my login data get leaked before due to a data breach on one of the forums. You might want to check all the old site you registered using the old email address and password. This includes other important sites/apps like Dropbox, Google Drive, Spotify accounts, Amazon or any other account that may be connected to your PayPal or credit card etc That where most hackers look into apart from the crypto exchanges and web wallets I've changed most of them, at least the important ones, such as PayPal and Amazon, not sure if I've left anything useful there, except some email/shop subscriptions. The only one I haven't changed is Bitcointalk, because it firstly flags your account that the email has been changed, and secondly, because I've quite recently changed the password here, while I've also done it in the past, so there's no risk involved.
|
R |
▀▀▀▀▀▀▀██████▄▄ ████████████████ ▀▀▀▀█████▀▀▀█████ ████████▌███▐████ ▄▄▄▄█████▄▄▄█████ ████████████████ ▄▄▄▄▄▄▄██████▀▀ | LLBIT | │ | CRYPTO FUTURES | | | | | | | │ | 1,000x LEVERAGE | │ | COMPETITIVE FEES | │ | INSTANT EXECUTION | │ | . TRADE NOW |
|
|
|
tranthidung
Legendary
Offline
Activity: 2394
Merit: 4196
Farewell o_e_l_e_o
|
|
December 04, 2021, 07:04:51 AM |
|
You can check your email It does not directly show your Coinbase account was compromised because of your data was breached but if your email was breached, something bad would happen.
|
|
|
|
Ultegra134 (OP)
|
|
December 04, 2021, 08:51:51 AM |
|
You can check your email It does not directly show your Coinbase account was compromised because of your data was breached but if your email was breached, something bad would happen. Thank you for sharing this guide, never knew that such feature was actually provided by Google. It claims that I've got 12 compromised passwords, while a handful of reused passwords. Fortunately, the compromised ones weren't on any significant website, however, I'll need to start updating my passwords, just to be on the safe side.
|
R |
▀▀▀▀▀▀▀██████▄▄ ████████████████ ▀▀▀▀█████▀▀▀█████ ████████▌███▐████ ▄▄▄▄█████▄▄▄█████ ████████████████ ▄▄▄▄▄▄▄██████▀▀ | LLBIT | │ | CRYPTO FUTURES | | | | | | | │ | 1,000x LEVERAGE | │ | COMPETITIVE FEES | │ | INSTANT EXECUTION | │ | . TRADE NOW |
|
|
|
DdmrDdmr
Legendary
Offline
Activity: 2436
Merit: 10989
There are lies, damned lies and statistics. MTwain
|
|
December 04, 2021, 09:11:11 AM |
|
<…>
Since your data seems to have been pawned, it is prone to being used for all sorts of things (hacking, phishing, spamming, etc.), rather than just change passwords, it may pay off better to consider creating new emails and starting afresh, rethinking your email/credential strategy (i.e. how many emails to use and where + password manager + 2fa), and changing the credentials on the relevant sites. I’ve gone through the above quite a few times, and although it’s cumbersome to change credentials on a wide range of sites, it’s something I try to do recurrently (done it with the phone number a few times too, although that has other implications).
|
|
|
|
Ultegra134 (OP)
|
|
December 04, 2021, 11:04:54 AM |
|
<…>
Since your data seems to have been pawned, it is prone to being used for all sorts of things (hacking, phishing, spamming, etc.), rather than just change passwords, it may pay off better to consider creating new emails and starting afresh, rethinking your email/credential strategy (i.e. how many emails to use and where + password manager + 2fa), and changing the credentials on the relevant sites. I’ve gone through the above quite a few times, and although it’s cumbersome to change credentials on a wide range of sites, it’s something I try to do recurrently (done it with the phone number a few times too, although that has other implications). That was the main reason I created a new email, quite a few years ago, and is now my main one. There are little accounts that I frequently use, associated with the old email, while I've proceeded and changed the password in most of them. It's just startled me to receive such a text message on my phone, I don't recall adding it back then, because I possibly had an older number. I must have added it a few months ago, in an attempt to retrieve my old Coinbase account, in case it had any funds deposited.
|
R |
▀▀▀▀▀▀▀██████▄▄ ████████████████ ▀▀▀▀█████▀▀▀█████ ████████▌███▐████ ▄▄▄▄█████▄▄▄█████ ████████████████ ▄▄▄▄▄▄▄██████▀▀ | LLBIT | │ | CRYPTO FUTURES | | | | | | | │ | 1,000x LEVERAGE | │ | COMPETITIVE FEES | │ | INSTANT EXECUTION | │ | . TRADE NOW |
|
|
|
|