Coinbase has fixed a confusing bug in its account activity logs that caused users to think their credentials were compromised.
As BleepingComputer first reported earlier this month, Coinbase had mistakenly labeled failed login attempts with incorrect passwords as two-factor authentication failues in the Account Activity logs.
When a threat actor attempted to access someone’s account and used the wrong password, error messages stating “second_factor_failure” or “2-step verification failed” would be shown instead.
These entries imply that a valid username and password were entered, but the log in was blocked by 2-factor authentication, such as entering the wrong one-time passcode from an authenticator app.
Numerous Coinbase users contacted BleepingComputer with concerns that Coinbase had been breached as their passwords were unique to the site, there was no sign of malware, and no other accounts were affected.
