Cryptocurrency exchange firm Coinbase has disclosed that a recent hacking attempt by the threat actors suspected of being behind the Twilio and Cloudflare hacks has led to a minor leak of employee data. Coinbase on Friday revealed that the hacking campaign against the company began on Feb. 5 when its employees received SMS messages requesting that they urgently log into their official email accounts to receive an important message. Although the majority of the workforce ignored the messages, the company says an unidentified employee clicked on the malicious link and entered his or her email ID and password on a fake login page. When the hackers gained the user’s credentials, they attempted to get remote access to the Coinbase network, but due to two-factor authentication controls, they couldn’t gain further access, the company says. The hackers then directly contacted an employee, according to Coinbase, and claimed to be a Coinbase corporate IT staff member seeking help. But the Coinbase employee became suspicious, and when the SIEM alerted the incident response team to unusual behavior, the team notified the employee, who terminated all communication with the attackers, Coinbase says. Although the company says it was able to prevent the attack quickly, it acknowledged the incident did cause limited leaks of employee data such as user names and contact details.
Full story : Crypto Exchange Coinbase Details SMS Phishing Attacks.