• Coinbase users' personal data may have been exposed due to a security breach at AU10TIX, a third-party KYC (Know Your Customer) provider used by Coinbase. AU10TIX reportedly left its admin credentials open for 18 months, potentially allowing unauthorized access to Coinbase user data.
• The breach was discovered by a security researcher who found that AU10TIX's admin panel was accessible without any authentication, allowing access to sensitive information such as users' names, email addresses, phone numbers, and government-issued IDs. This could have potentially enabled bad actors to carry out identity theft or other fraudulent activities.
• Coinbase has acknowledged the incident and stated that they are investigating the matter with AU10TIX. The company has also assured users that they are taking steps to protect their data and that there is no evidence of any unauthorized access or misuse of Coinbase user information. Coinbase has emphasized the importance of maintaining strong security measures and working with trusted partners to safeguard customer data.