
Comment by fckgw

10 hours ago

Looking at their blog post, it seems like they paid customer support agents to hand over sensitive data. The attackers did not have access to any agent accounts themselves, and the customer service agents were accessing data they were already privileged to anyways.

https://www.coinbase.com/blog/protecting-our-customers-stand...

> The customer service agents were accessing data they were already privileged to anyways.

That's not how front line support agent access should work. You get access based on active cases you are working on, not the keys to the kingdom because you might need to support a member at some future point in time.

It makes me wonder what type of access support agents have in the first place. A lot of this information should require "unlocking" on a case-by-case basis by challenge/response while interacting with a customer.
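The access model argued for in the replies above (access only through an active case, with sensitive fields unlocked per case by a challenge the customer completes), sketched as an added example that is not from the thread or from any real support tool. The `AccessBroker` API, field names and sample record are hypothetical and constructed for illustration.

```python
import hmac
import secrets
from dataclasses import dataclass

# Constructed sample data; field names and the broker API are hypothetical.
RECORDS = {"cust-1": {"display_name": "A. Example", "email": "a@example.com",
                      "gov_id_last4": "1234"}}
SENSITIVE = {"gov_id_last4"}          # needs a customer-completed challenge

@dataclass
class Case:
    agent: str
    customer: str
    challenge: str                    # one-time code delivered to the customer
    open: bool = True
    unlocked: bool = False

class AccessBroker:
    def __init__(self):
        self.cases, self.audit = {}, []

    def open_case(self, case_id, agent, customer):
        code = secrets.token_hex(3)   # would be sent to the customer out of band
        self.cases[case_id] = Case(agent, customer, code)
        return code                   # returned only so a demo can play the customer

    def unlock(self, case_id, agent, response):
        case = self.cases.get(case_id)
        ok = bool(case and case.open and case.agent == agent and
                  hmac.compare_digest(case.challenge.encode(), response.encode()))
        if ok:
            case.unlocked = True
        self.audit.append((agent, case_id, "unlock", ok))
        return ok

    def close_case(self, case_id):
        self.cases[case_id].open = False

    def read(self, agent, customer, field):
        # Access exists only while this agent holds an open case for this customer.
        live = [c for c in self.cases.values()
                if c.open and c.agent == agent and c.customer == customer]
        allowed = bool(live) and (field not in SENSITIVE
                                  or any(c.unlocked for c in live))
        self.audit.append((agent, customer, field, allowed))  # log denials too
        if not allowed:
            raise PermissionError(f"{agent} may not read {field} of {customer}")
        return RECORDS[customer][field]
```

Because every read, allowed or denied, lands in `audit`, an agent repeatedly hitting denials for customers they hold no case on becomes a detectable signal.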