Disclosing a system glitch that affected thousands of its customers, US Cryptocurrency Exchange Coinbase revealed that the potential vulnerability affected passwords of users. The vulnerability was discovered on the signup page and it caused users registration details to be stored in clear text in the firm’s internal web server logs.
Notifying customers of the development, the exchange said in a blog post that it had began emailing the 3420 customers affected by the bug.
Assuring its customers, Coinbase revealed the problem has been fixed and that logged information was not improperly accessed, misused, or compromised. To boost confidence, it required customers to change their passwords as a “best-practice” precaution.
Giving description how it happened, the exchange explained that inn a very specific and rare error condition, the registration form would not load correctly and any attempt to create a new Coinbase account under this condition would fail. Despite the failure, the details of the user including proposed passwords, email addresses names etc would be sent to the firm’s internal logs.
However, if the user tries again on a reloaded page, the registration will proceed correctly and password will be securely hashed. But in the case of these 3420 customers, the users successfully registered using a password with a hash that matched the one previously logged.
 
Responding to the issue, the firm said it identified the bugs and fixed it. It also traced back all the places where the logs might have ended up. A password reset for the impacted account was triggered for customers to change their passwords.
 
According to Coinbase, “We maintain incredibly high standards for securing the Coinbase platform, and any time we fall even slightly short of those standards, we mobilize a team to figure out what went wrong, and how we prevent it from happening again. We also believe in being transparent with our customers, which is why we’re sharing the results of our investigation today“.
Coinbase had recently announced the acquisition of institutional business from Xapo as it continues its expansion mission across the cryptocurrency and blockchain industry.

Disclosing a system glitch that affected thousands of its customers, US Cryptocurrency Exchange Coinbase revealed that the potential vulnerability affected passwords of users. The vulnerability was discovered on the signup page and it caused users registration details to be stored in clear text in the firm’s internal web server logs.
Notifying customers of the development, the exchange said in a blog post that it had began emailing the 3420 customers affected by the bug.
Assuring its customers, Coinbase revealed the problem has been fixed and that logged information was not improperly accessed, misused, or compromised. To boost confidence, it required customers to change their passwords as a “best-practice” precaution.
Giving description how it happened, the exchange explained that inn a very specific and rare error condition, the registration form would not load correctly and any attempt to create a new Coinbase account under this condition would fail. Despite the failure, the details of the user including proposed passwords, email addresses names etc would be sent to the firm’s internal logs.
However, if the user tries again on a reloaded page, the registration will proceed correctly and password will be securely hashed. But in the case of these 3420 customers, the users successfully registered using a password with a hash that matched the one previously logged.
 
Responding to the issue, the firm said it identified the bugs and fixed it. It also traced back all the places where the logs might have ended up. A password reset for the impacted account was triggered for customers to change their passwords.
 
According to Coinbase, “We maintain incredibly high standards for securing the Coinbase platform, and any time we fall even slightly short of those standards, we mobilize a team to figure out what went wrong, and how we prevent it from happening again. We also believe in being transparent with our customers, which is why we’re sharing the results of our investigation today“.
Coinbase had recently announced the acquisition of institutional business from Xapo as it continues its expansion mission across the cryptocurrency and blockchain industry.