Skip to main content [aditude-amp id="stickyleaderboard" targeting='{"env":"staging","page_type":"article","post_id":711395,"post_type":"story","post_chan":"none","tags":null,"ai":false,"category":"none","all_categories":"security,","session":"C"}']

Coinbase phishing attacks are the 3rd Bitcoin security problem this week

Coinbase phishing attacks are the 3rd Bitcoin security problem this week

Coinbase warned users about phishing attacks in a blog post this week after personal information is exposed in search engine results.

bitcoin

A second Bitcoin wallet service is facing security issues today after it was discovered that you can find Coinbase user information simply by searching on Google.

[aditude-amp id="flyingcarpet" targeting='{"env":"staging","page_type":"article","post_id":711395,"post_type":"story","post_chan":"none","tags":null,"ai":false,"category":"none","all_categories":"security,","session":"C"}']

The company warned users yesterday that a phishing email was spreading around, asking for people to enter their Coinbase information on a website not affiliated with Coinbase. Ars Technica connected it to what we hope is a bug or fixable oversight that shows Coinbase user information in search results.

Coinbase, which acts as a digital wallet for Bitcoins, also allows merchants to put a “Pay with Bitcoin” button on their websites, as a Redditor pointed out. Those Pay with Bitcoin buttons display your name, email address, and Bitcoin address and lead you to a transaction page. Google indexes that transaction page, and while it seems it does not display the actual transaction, it will show your Bitcoin address in searches.

AI Weekly

The must-read newsletter for AI and Big Data industry written by Khari Johnson, Kyle Wiggers, and Seth Colaner.

Included with VentureBeat Insider and VentureBeat VIP memberships.

“It’s unclear which emails received the above message, but there doesn’t seem to be any clear link between those we’ve seen and our user database,” said Coinbase in its blog post.

The issue comes soon after another digital Bitcoin wallet called Instawallet was hacked into on Tuesday. At the time, Instawallet announced it was halting its service “indefinitely” because the way it was hacked rendered the entire service permanently vulnerable. The company says it is having to go back to the drawing board to rethink the way Instawallet will work technically.

Yesterday, Bitcoin market Mt. Gox experienced outtages, which it explained were actually denial of service attacks.

As a commenter on our post about the issue pointed out, this isn’t really a mark on Bitcoin itself. It seems the tools we use to store and trade Bitcoins are insecure, but the currency itself might not be.

Bitcoin image via zcopley/Flickr

VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Learn More