They have two factor SMS verification available for every login attempt. But you may just have malware on your computer if you had a really strong password.
Perhaps something to do with the API (which is disabled by default but some victims have noticed was enabled) https://coinbase.com/docs/api/authentication
"If someone obtains your api_key or an access_token with the send or all permission, they will be able to send all the bitcoin out of your account."
Perhaps something to do with the API (which is disabled by default but some victims have noticed was enabled) https://coinbase.com/docs/api/authentication "If someone obtains your api_key or an access_token with the send or all permission, they will be able to send all the bitcoin out of your account."
(edit: followed the transaction trail on one of those links, ended up with week old address that had received 49,497BTC https://blockchain.info/address/1Facb8QnikfPUoo8WVFnyai3e1Hc...)