Coinbase Stores Passwords of 3,420 Users in Plain Text


Coinbase is one of the most popular US-based exchanges, and it’s often the exchange that beginners head to when they first dive into the crypto world. However, users might want to consider changing their passwords after a security glitch left the usernames, passwords, and email addresses of 3,420 users stored in plain text on a Coinbase server. It’s still unknown whether the plain text dump was detected by any malicious parties, but as a precaution it’s best to change your password: that is easier than risking the loss of all your crypto.

Didn’t Coinbase Encrypt All This Data?

Back in April, Coinbase announced a new feature that uses bcrypt to hash the plain text in the login fields immediately. The new system allegedly hashes passwords before they’re sent to the Coinbase server to be verified. Coinbase would only have a hash of your password from the sign-up process, and if the hash generated upon logging in matches the hash on file, you would be granted access, meaning not even Coinbase has access to your password. This feature’s legitimacy is now being called into question after the plain text files were discovered, hinting that it’s not working properly.
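
The hash-on-file check described above, as an added example that is not Coinbase's code. It uses PBKDF2-HMAC-SHA256 from Python's standard library as a stand-in for bcrypt, and the function names, iteration count and sample password are assumptions.

```python
import hashlib
import hmac
import os

# Assumed work factor for this example; bcrypt would use its own cost setting.
ITERATIONS = 600_000


def _derive(password: str, salt: bytes) -> bytes:
    """Derive a 32-byte hash from the password and a per-user salt."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def sign_up(password: str) -> dict:
    """Build the record kept on file: a random salt and the hash, never the password."""
    salt = os.urandom(16)
    return {"salt": salt.hex(), "hash": _derive(password, salt).hex()}


def log_in(record: dict, attempt: str) -> bool:
    """Hash the login attempt with the stored salt and compare it to the hash on file."""
    candidate = _derive(attempt, bytes.fromhex(record["salt"]))
    # Constant-time comparison so timing does not reveal how many bytes matched.
    return hmac.compare_digest(candidate, bytes.fromhex(record["hash"]))


if __name__ == "__main__":
    password = "correct horse battery staple"  # constructed sample password
    first = sign_up(password)
    second = sign_up(password)

    print("record on file:", first)
    print("correct password accepted:", log_in(first, password))
    print("wrong password accepted:", log_in(first, "wrong guess"))
    # The per-user salt makes two records for the same password differ.
    print("same password, same record:", first == second)
    # Nothing in the stored record contains the password itself.
    print("plaintext in record:", password in str(first))
```
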

Another Big Exchange Slips Up

Over the past few weeks, we’ve seen revelations from a number of big exchanges that all claim to have seen data breaches of some sort. Last week, a hacker threatened to dump 60,000 KYC images that were allegedly from Binance – with a handful of sample images all bearing typical Binance requirements. The hacker claims to have broken into Binance’s servers and stolen the KYC images, but it looks as if the images could have been obtained through a phishing scam, as they’re lacking the Binance watermark.

Can We Trust Libra?

When it comes to leaking data, nobody is better at it than Facebook. Facebook has had so many data scandals that it’s virtually impossible to keep count. Now it’s looking to create its own centralized cryptocurrency called Libra. If we can’t trust big-name crypto exchanges like Coinbase and Binance with our user data, is there any chance we can trust Libra? Facebook will likely be siphoning Libra data and selling it to the highest bidder from the moment the mainnet goes live.

Coinbase is still unsure whether anyone accessed the plain text files, so it’s suggesting that traders change their passwords – just to be on the safe side. It’s yet another reason why it’s important not to use the same password for everything – use a randomly generated password for each site you use in order to maintain a high level of security.