A list of usernames of Bitcoin wallet service Coinbase found its way onto the web fueling rumours of a security breach, but the service denied the possibility of a hack despite acknowledging the authenticity of the leaked usernames.
The list contained usernames of Coinbase service and users on quite a few Bitcoin forums started speculating of a possible security breach. Coinbase denied the possibility of a hack stating: “there has been no data breach of names or emails at Coinbase.”
Coinbase revealed that the list contained usernames of “less than one half of one percent” of the service’s entire userbase and that the leak was not a result of a data breach. The Bitcoin wallet service also claimed that the list may have been obtained through a third-party Bitcoin related service as no other information other than emails are available in the list.
The service also didn’t rule out the possibility of email enumeration as the source of the leak. “Though we believe this type of spam and user enumeration activity doesn’t represent a significant risk to Coinbase customers, we absolutely recognize that it can be an inconvenience and cause confusion”, wrote Coinbase.
Coinbase ensured that it was making changes to its system to be more restrictive by fine tuning its existing rate limiting.
“We are continually striving to make Coinbase as safe and secure as possible for all of our users, and in the coming weeks, we will perform a more extensive overview of the existing controls we have in place to see how they can be improved”, assured Coinbase.
