hypeatei 16 days ago

Whatever you think of Coinbase, this is a pretty good response IMO:

> and will not pay the $20 million ransom demand we received. Instead we are establishing a $20 million reward fund for information leading to the arrest and conviction of the criminals responsible

phdp 15 days ago

No it isn’t! The headline they used is “Protecting Our Customers - Standing Up to Extortionists.” My issue with it is that they word their announcement in a way that leads people to congratulate them instead of saying we’re sorry for leaking your private information. I’m so angry at them over this.

Additionally the email they sent me had the subject “important notice” and that my personal account was affected as the third sentence in a rather wordy paragraph. None of this is ok and this is not a company taking this seriously.

ajma 16 days ago

That's the same move from the Ransom movie from 1996 https://youtu.be/haThIxPnYro?si=Jxu0elA-ylB5Z15q

twodave 16 days ago

I love it. This also would have been a great opportunity to break out of corporate speak for a moment for a good “Up yours hacker assholes!” Even us folks in the Bible Belt appreciate a well-timed swear word here and there.

pcl 16 days ago

I’d say the better thing for customers would be to pay the ransom demand and get the PII back. If they want to fund a reward scheme too, well great, but if it were my data, I’d care more about Coinbase limiting the breach of the data, not playing around with retaliatory rewards.

hypeatei 16 days ago

There is no guarantee that an anonymous criminal is going to hold up their end of the agreement. Coinbase has no idea who they're negotiating with or where that data has been shared.

That, and they're reimbursing customers who were tricked.

int_19h 16 days ago

In addition, paying the ransom would be an open invitation for everybody else to try the same attack, with the net result that all customers are less secure in the long run.

deburo 16 days ago

Limiting? The damage is already done.