Coinbase recently corrected a bug in its account activity logs that had alarmed users into thinking their accounts were compromised.
The issue caused failed login attempts with incorrect passwords to be wrongly displayed as two-factor authentication (2FA) failures.
This mislabeling led users to believe attackers had their correct credentials but failed at the 2FA step, sparking widespread concerns about a breach.
Coinbase clarified to BleepingComputer that attackers never actually reached the 2FA stage, and the error was due to improper logging.
A fix has now been deployed, and login attempts with wrong passwords are correctly labeled as "Password attempt failed."
The confusion caused some users to unnecessarily reset passwords and investigate possible malware infections.
This bug could have also been exploited by scammers in social engineering campaigns, although BleepingComputer could not confirm such cases.
Coinbase reminds users they will never request password changes or 2FA resets through calls or text messages, urging caution against phishing attempts.
Read more...