Recurring |
unknown |
(a) The software failure incident having happened again at one_organization:
The article does not mention any similar earlier incident, or a recurrence, within the same organization (Coinbase) or with its products and services. There is therefore no information to suggest that this specific software failure incident has happened again at Coinbase [118889].
(b) The software failure incident having happened again at multiple_organization:
The article does not provide information about similar incidents happening at other organizations or with their products and services. Hence, there is no mention of this specific software failure incident occurring at multiple organizations [118889]. |
Phase (Design/Operation) |
design |
(a) The software failure incident in Article 118889 was primarily related to the design phase. The incident was a "large-scale" phishing attack that impacted at least 6,000 Coinbase customers. The attack occurred due to scammers sending phishing emails that claimed to be from Coinbase, tricking users into clicking on a link and entering their account credentials. This design flaw in the email system allowed the perpetrators to gain control of user accounts without breaching Coinbase's security infrastructure [118889].
(b) There is no specific information in the articles to suggest that the software failure incident was related to the operation phase. |
Boundary (Internal/External) |
within_system |
(a) within_system: The software failure incident reported in Article 118889 was due to contributing factors that originated from within the system. Coinbase disclosed a "large-scale" phishing attack that impacted users, where scammers were able to gain control of user accounts by sending phishing emails that claimed to be from Coinbase. This flaw in the system allowed the perpetrators to obtain user credentials and take control of accounts, leading to the security breach [118889]. The company stated that the scammers never breached Coinbase's "security infrastructure or broader systems," indicating that the failure was internal to the system.
(b) outside_system: The software failure incident reported in Article 118889 did not indicate any contributing factors that originated from outside the system. While it remains unclear how the hackers were able to identify the email addresses of a large number of Coinbase users, the company mentioned that there was no evidence to suggest the information was obtained from inside the company. This lack of evidence regarding external factors suggests that the failure was primarily within the system [118889]. |
Nature (Human/Non-human) |
non-human_actions, human_actions |
(a) The software failure incident occurring due to non-human actions:
- The software failure incident at Coinbase was a "large-scale" phishing attack that impacted users earlier this year [118889].
- The scammers were able to gain control of user accounts by sending phishing emails that claimed to be from Coinbase. When users clicked on a link in the email and entered their account credentials, the perpetrators were able to see the credentials and take control of the accounts [118889].
- Coinbase mentioned that the scammers never breached Coinbase's "security infrastructure or broader systems" and that the flaw was immediately fixed [118889].
(b) The software failure incident occurring due to human actions:
- The phishing attack was initiated by human scammers who sent phishing emails to Coinbase users [118889].
- Users unknowingly provided their account credentials in response to the phishing emails, enabling the scammers to take control of their accounts [118889].
- It remains unclear how the hackers were able to identify the email addresses of a large number of Coinbase users, with Coinbase stating there was no evidence to suggest the information was obtained from inside the company [118889]. |
Dimension (Hardware/Software) |
software |
(a) The software failure incident reported in Article 118889 was not attributed to hardware issues. The incident was a "large-scale" phishing attack that impacted users of Coinbase, a cryptocurrency exchange platform. The attack involved scammers sending phishing emails to users, tricking them into revealing their account credentials, which allowed the perpetrators to take control of the accounts. Coinbase stated that the scammers did not breach the company's "security infrastructure or broader systems," indicating that the failure did not originate from hardware issues [118889].
(b) The software failure incident in Article 118889 was primarily attributed to software-related factors. The attack was carried out through phishing emails that exploited vulnerabilities in the software system, allowing the scammers to gain unauthorized access to user accounts. Coinbase mentioned that they immediately fixed the flaw in their system and worked with affected customers to regain control of their accounts and reimburse them for the funds lost, indicating that the failure originated in the software system [118889]. |
Objective (Malicious/Non-malicious) |
malicious |
(a) The software failure incident reported in Article 118889 was malicious in nature. It was a "large-scale" phishing attack that impacted at least 6,000 Coinbase customers. The attackers sent phishing emails claiming to be from Coinbase to gain control of user accounts by tricking them into entering their credentials. This incident involved human actors with the intent to harm the system by stealing funds from users' accounts through deceptive means [118889]. |
Intent (Poor/Accidental Decisions) |
poor_decisions, accidental_decisions |
(a) The software failure incident reported in Article 118889 was primarily due to poor decisions made by the scammers behind the phishing attack on Coinbase users. The scammers utilized phishing emails that appeared to be from Coinbase to trick users into revealing their account credentials. This tactic allowed the perpetrators to gain control of user accounts and carry out the attack. Coinbase mentioned that the scammers did not breach their security infrastructure but exploited user actions based on deceptive emails, indicating that the failure was a result of poor decisions made by the scammers in executing the phishing attack [118889].
(b) Additionally, the incident could also be attributed to accidental decisions made by the affected users who fell victim to the phishing attack. Users inadvertently clicked on links in the phishing emails and entered their account credentials, unknowingly providing access to their accounts to the scammers. This unintended action by the users played a significant role in the success of the attack, highlighting the impact of accidental decisions in contributing to the software failure incident [118889]. |
Capability (Incompetence/Accidental) |
accidental |
(a) The software failure incident reported in Article 118889 was not attributed to development incompetence. The article mentioned that the scammers behind the phishing attack did not breach Coinbase's security infrastructure or broader systems. Instead, they utilized phishing emails to trick users into revealing their account credentials, indicating that a lack of professional competence was not the root cause of the incident.
(b) The software failure incident in Article 118889 was more aligned with an accidental failure. The phishing attack was described as a "broad" attack that impacted at least 6,000 Coinbase customers. The scammers were able to gain control of user accounts by sending phishing emails that appeared to be from Coinbase, leading users to unknowingly provide their credentials. This accidental exploitation of user trust and the email system resulted in the successful execution of the attack. |
Duration |
temporary |
(a) The software failure incident in the article is temporary. The phishing attack on Coinbase occurred between April and early May of 2021, impacting at least 6,000 customers. Coinbase immediately fixed the flaw and worked with the affected customers to regain control of their accounts and reimburse them for the funds lost. The attack was a specific event that was addressed and resolved, indicating a temporary nature of the software failure incident [118889]. |
Behaviour |
value, other |
(a) crash: The software failure incident in the article does not involve a crash where the system loses state and does not perform any of its intended functions [118889].
(b) omission: The failure in this incident is not due to the system omitting to perform its intended functions at an instance(s) [118889].
(c) timing: The software failure incident is not related to the system performing its intended functions correctly, but too late or too early [118889].
(d) value: The failure in this incident is due to the system performing its intended functions incorrectly, as scammers were able to gain control of user accounts by tricking them through phishing emails [118889].
(e) byzantine: The software failure incident does not involve the system behaving erroneously with inconsistent responses and interactions [118889].
(f) other: The behavior of the software failure incident in this case is related to a large-scale phishing attack that led to scammers gaining access to user accounts by sending phishing emails claiming to be from Coinbase. The flaw in the system allowed the scammers to obtain user credentials and take control of accounts, resulting in financial losses for affected users [118889]. |