Coinbase has recently reported that the company found a vulnerability in its system that affected the passwords of some users. According to the company, some passwords were stored in a plain text file on the company’s servers.
The information was not accessed by any outside source at any time, but around 3,500 customers had their passwords stored in a less than secure way up until recently. The glitch may have affected only 0.1% of the clients but was relevant enough to be disclosed.
How has this happened, in the first place? According to the company, due to a very specific error in the procedure. The registration form would simply not be loaded correctly and the attempt to create the account would fail. However, the log of the failure would be sent to the company.
This meant that the name, information, and password of the person would be still in an unprotected place after the person succeeded in creating the account. Over 90% of the time, the customers retried and used the same password again, which caused the vulnerability.
After discovering this possible vulnerability, Coinbase looked at the other files present on the company’s database to see if another one could be problematic. Fortunately, no others were found at the time of this report.
According to a recent post, the company completely fixed the problem and excluded the file with sensitive information. All accounts that may have possibly be affected also were prompted to create new passwords in order to protect their assets.