The hack took place between March and May 20 of this year, according to a copy of the letter https://oag.ca.gov/system/files/09-24-2021%20Customer%20Notification.pdf posted on the website of California’s Attorney General.
Unauthorized third parties exploited a flaw in the company’s SMS account recovery process to gain access to the accounts, and transfer funds to crypto wallets not associated with Coinbase, the company said.
Coinbase said there was no evidence to suggest the information was obtained from the company.
News of the hack was earlier reported by technology news portal Bleeping Computer.
(Reporting by Niket Nishant in Bengaluru; Editing by Shounak Dasgupta)