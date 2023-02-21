The notorious ‘0ktapus’ hackers briefly compromised Coinbase Global, Inc (NASDAQ: COIN).

The hackers stole the login credentials of one of its employees in an attempt to gain access to the company’s systems remotely, TechCrunch reports.

0ktapus is a hacking group that targeted over 130 organizations, including Twilio Inc (NYSE: TWLO), Cloudflare, Inc (NYSE: NET), and DoorDash, Inc (NYSE: DASH) in 2022 to steal the credentials of thousands of employees.

That figure of 130 organizations is likely much higher, as a report claimed that the gang targeted several tech and video game companies.

The 0ktapus hackers first sent spoofed SMS text messages to several employees on February 5, advising them to log in urgently using the link provided to receive an important message.

One employee followed the phishing link and entered their credentials.

In the next phase, the attacker tried to log into Coinbase’s internal systems using the stolen credentials but failed to breach the multi-factor authentication.

Some 20 minutes later, the attacker used voice phishing to call the employee and urged them to log into their workstation, accessing employee information, including names, email addresses, and phone numbers.

Coinbase spokesperson Jaclyn Sales said, “The threat actor was able to see, through a screen share, certain views of internal dashboards and accessed limited employee contact information.”

However, Coinbase says its security team responded quickly, preventing the threat accessor from accessing customer data or funds.

Coinbase chief information security officer Jeff Lunglhofer recommends that users switch to hardware security keys for stronger account access.