Bitcoin wallet service Coinbase denies security breach as user names appear online
Bitcoin wallet service Coinbase has denied it suffered a security breach, but acknowledged that a list of some of its users has been circulating on the Web.
“Despite speculation on a few forums, there has been no data breach of names or emails at Coinbase,” the service said in a blog post.
But it added that a list of Coinbase user names and associated email addresses had appeared online.
“This list (the size of which is less than one half of one percent of Coinbase users) was not the result of a data breach at Coinbase,” it said. ”This list of emails was likely sourced from other sites—probably Bitcoin-related ones. It’s clear there was no data breach because no other user information is provided.”
An anonymous poster uploaded a list of about 2,000 user names and email addresses to Pastebin, claiming they are Coinbase users.
“Coinbase provides your full transaction history to the FBI, FinCEN and IRS every day,” the poster wrote, referring to U.S. government agencies including the Department of the Treasury’s Financial Crimes Enforcement Network. “They are under a gag order.”
The San Francisco-based wallet service did not address the gag order allegation in its blog post.
It said that its “request money” feature was not involved in a security breach. The feature allows users to send requests to multiple email addresses.
Coinbase said its use of email addresses to determine if someone has an account is “the norm across most Internet sites today,” citing a similar feature on Google, Dropbox and Facebook.
In a method known as email enumeration, fraudsters and phishers have been known to use email addresses to find out if certain users have accounts with online payment services.
“Though we believe this type of spam and user enumeration activity doesn’t represent a significant risk to Coinbase customers, we absolutely recognize that it can be an inconvenience and cause confusion,” Coinbase said.
The concerns stirred by the Coinbase list follow the spectacular failure of Mt. Gox, once the world’s largest exchange for the digital currency, in February. The Tokyo-based exchange reported losing nearly half a billion U.S. dollars worth of bitcoins when it collapsed, citing a security problem.
The software driving the Bitcoin network was upgraded in March, in an attempt to address the problem, known as “transaction malleability.”