If you were not expecting to receive a device confirmation email, this means that someone was able to use your password and 2-step verification code to begin signing in to your Coinbase account. Immediately perform the following steps to help ensure the security of your Coinbase account.
Change your passwords
Change the password to both your Coinbase account and your email account. You should use passwords that are entirely new, unique, complex, and unrelated to each other or other passwords you’ve previously used.
Check your device and IP activity
Sign in to Coinbase and navigate to https://www.coinbase.com/settings/account
Here you can review all active sessions associated with your account. If any of the web sessions or confirmed devices look unfamiliar, you can easily revoke the sessions in your security settings. Please see the red arrows and ovals in the screenshot below.
By clicking where the red arrows are pointing, you will be able to either sign out of all other sessions or revoke all other confirmed devices.
By clicking the Xs outlined by the red ovals, you can sign out of individual web sessions or revoke specific devices.
If you review your account’s active sessions and notice unauthorized devices or web sessions, please do not hesitate to contact the Coinbase Support team so that our security experts can further investigate the unauthorized activity on your account and help you secure your accounts going forward.
Coinbase support can be reached by submitting a support ticket.
Please note: If any of the IP addresses or locations look unfamiliar, it is strongly recommended that you review your internet browsing history to see if you accessed a website with an address other than https://www.coinbase.com. If you did mistakenly enter your credentials into a website other than the official Coinbase domain, please include a link with your report to Coinbase support or send it to [email protected]
Enable 2-step verification
Now that you’ve updated your passwords, checked for and revoked unauthorized devices and web sessions, and reached out to Coinbase support, begin enabling the strongest form of 2-step verification available on both your Coinbase and email accounts.
Currently, the strongest form of 2-step verification available on the Coinbase platform is TOTP with an Authenticator app. For more information on enabling Authenticator within your Coinbase account, please review this support article.
As an aside, if you are using a service that forwards text messages to email or allows them to be read online, please disable this service immediately.
Bookmark https://www.coinbase.com/ in your browser, and only use this link to sign in.
2-step verification for email
Make sure that 2-step verification is enabled wherever possible, including your email account. If you use a service that can forward your text messages to email or allow them to be read online, disable this immediately.
If you have any account security concerns, no matter how big or small, please do not hesitate to contact Coinbase Support and we will have our security experts review your account and answer any questions you may have.