Summary: Coinbase has resolved an issue in its account activity logs that was misleading users into believing their accounts were compromised due to incorrect labeling of failed login attempts. These attempts were mistakenly reported as two-factor authentication failures, causing confusion and unnecessary concern among users. The update will now clearly indicate failed password attempts, alleviating user anxiety and reducing the potential for social engineering attacks.
Affected: Coinbase
Keypoints :
- Bug incorrectly labeled failed login attempts as “2FA failures” instead of “Password attempt failed.”
- This confusion led users to fear that their accounts had been breached, prompting unnecessary password resets.
- Threat actors could exploit these logs in social engineering attacks aimed at deceiving users into revealing sensitive information.
Views: 9