A second Bitcoin wallet service is facing security issues today after it was discovered that you can find Coinbase user information simply by searching on Google.
The company warned users yesterday that a phishing email was spreading around, asking people to enter their Coinbase information on a website not affiliated with Coinbase. Ars Technica connected it to what we hope is a bug or fixable oversight that shows Coinbase user information in search results.
Coinbase, which acts as a digital wallet for Bitcoins, also allows merchants to put a “Pay with Bitcoin” button on their websites, as a Redditor pointed out. Those Pay with Bitcoin buttons display your name, email address, and Bitcoin address and lead you to a transaction page. Google indexes that transaction page, and while it seems it does not display the actual transaction, it will show your Bitcoin address in searches.
“It’s unclear which emails received the above message, but there doesn’t seem to be any clear link between those we’ve seen and our user database,” said Coinbase in its blog post.
The issue comes soon after another digital Bitcoin wallet called Instawallet was hacked into on Tuesday. At the time, Instawallet announced it was halting its service “indefinitely” because the way it was hacked rendered the entire service permanently vulnerable. The company says it is having to go back to the drawing board to rethink the way Instawallet will work technically.
Yesterday, Bitcoin market Mt. Gox experienced outages, which it explained were actually denial-of-service attacks.
As a commenter on our post about the issue pointed out, this isn’t really a mark on Bitcoin itself. It seems the tools we use to store and trade Bitcoins are insecure, but the currency itself might not be.