Coinbase, the San Francisco-based cryptocurrency exchange, has disclosed a vulnerability that impacted 3,420 of its customers. The bug resulted in the registration details of said customers being stored in plain text on the firm's internal web server logs.
According to Coinbase, while the firm is confident it has fixed the cause of the bug and that the logged information has not been compromised, it has emailed its customers, requiring them to change their passwords.
In its post mortem post, Coinbase explains that "under a very specific and rare error condition, the registration form on our signup page wouldn’t load correctly, which meant that any attempt to create a new Coinbase account under those conditions would fail." However, Coinbase added, that the account creation failure also "meant that the individual’s name, email address, and proposed password (and state of residence, if in the US) would be sent to our internal logs."