Coinbase Incident Reveals That Error Logs Are An Attack Vector

Coinbase has revealed that the name, email, password, and state of residence of 3,420 users was stored on their servers in an unencrypted format, leaving this information potentially accessible to hackers. To be clear, in this case Coinbase asserts that there was no unauthorized access to this data, but this incident reveals an important attack vector: error logs.

Essentially, when an error occurs on a website the data associated with the error is published to an internal error log. In this specific case, Coinbase users who had javascript disabled were not able to correctly submit their user information to create an account, but enough HTML was loaded so that the user was able to fill in their information and hit submit, at which point the error occurred. Instead of this user information being properly encrypted, the user information was published in unencrypted format in the error logs.

A widespread problem with usernames, emails, and passwords is that people often use the same password for everything. Thus, if a hacker would obtain an email and password from the error logs, they would then be able to break into emails, social media accounts, and perhaps even critical financial accounts.

In this specific case Coinbase responded quickly and fixed the root of the problem, and had affected users change their password, but this incident should be taken as a warning for all webmasters. Basically, hackers could target the error logs of any website in order to compromise user’s accounts, and webmasters need to be on top of this. Perhaps encrypting the error logs is a solid catch-all solution for this issue.

Also, internet users should try to use different passwords for different websites, so if one of their accounts is compromised it does not lead to all of their accounts being compromised. Additionally, using 2 Factor Authentication (2-FA), where a code from a text message or Google Authenticator is required to login, can prevent an account from being breached by a hacker even if the password is compromised.

Zooming out, cryptocurrency exchanges have numerous risks including the possibility for identification and financial information to be compromised, funds being frozen or reversed, and the ever present possibility that an exchange could be hacked and lose all of its funds. Cypherpunk Labs will explore the safety and security issues surrounding cryptocurrency exchanges in future articles.