Bitcoin wallet service Coinbase has publicly, and presumably accidentally, exposed information about its merchants' names, e-mail addresses, and product details on the Coinbase website. The exposed e-mail addresses have become the target of phishing attacks. Update: Coinbase says only certain Coinbase merchants had their email addresses exposed. No transaction receipts were leaked, as this story originally stated. See below for details.
Coinbase, a Y Combinator-backed startup, is a popular service for holding users' bitcoins. At the time of this writing, the leaked information was still showing up in Google searches of the Coinbase site:
The URLs of the pages label them "checkouts," and they appear to be transaction receipts. One was a 0.05 BTC ($6.85) transaction labeled as a donation. Another was a $980 transaction for "8 managed VPS hosts" from a company called cachedd. A third was a 229.99 BTC ($31,508) transaction for "AVALANCHE SPA POWDER."