With the rise in data breaches and proliferation of sophisticated new phishing websites over the past few years, the odds are almost certain that at least one of your passwords is floating around on the internet, waiting to be misused by a fraudster or criminal. Oftentimes, attackers will take breached or phished login credentials and test them against multiple different websites, a process known as “credential stuffing”, in an attempt to gain access to sensitive online accounts.
At Coinbase, we’ve implemented multiple layers of protection against credential stuffing attacks. Most of these lines of defense remain invisible to you as the customer. Starting today, however, our Security team will notify you if we find your email address and password in a data breach or credential dump from another website, and will proactively lock your account if that email/password combination is currently valid for your Coinbase account.This gives you the opportunity to change your credentials before they can be used against you.