Comment by ArtTimeInvestor

17 hours ago

From the Coinbase website:

https://www.coinbase.com/en-de/blog/protecting-our-customers...

    What they got

    - Name, address, phone, and email

    - Masked Social Security (last 4 digits only)

    - Masked bank‑account numbers and some bank account identifiers 

    - Government‑ID images (e.g., driver’s license, passport)

    - Account data (balance snapshots and transaction history)

Wow. Why does customer support staff have access to images of the users' passports?

I also like 'last 4 digits only', as if that's not the most important part and the part so many places use to validate your identity; the first 5 are just area and group, so they're not exactly random.

  • Everyone's social security number is available. If you go download the leak referred to in this HN post [1], your SSN is certainly in it. Mine was, everyone in my family's was, almost all of my friends' were.

    The world needs to stop pretending that SSNs are secret. They aren't.

    [1] https://news.ycombinator.com/item?id=41248104

    • The world stopped pretending a long time ago. In my country, SSN is public information.

Ah, cool. My name, home address, phone number, social security number, and images of my driver's license and passport, as well as what bank I use.

Who else would verify the user passports if not the customer support staff? Who verifies (and photocopies! in Asia and Europe) your passport at a hotel or car rental office?

I always thought that the government ID photos were claimed to be wiped out immediately after document verification. Guess not.

  • The attackers bribed customer service agents to hand over data and documents; they were not breached directly. It's possible this stuff may have been handed over before being destroyed.