No authorization required in iOS device web-application
Unknown
Vulnerability Details
Hey, this is Ahsan Tahir! I've found an authorization issue in Coinbase! :-)
Issue
=======
When we log in to Coinbase using a PC (not authorized) it asks for authorization using a link, which is sent to our email and we have to authorize it by clicking on that email; but when we log in on an iOS device (using a browser), it doesn't require any authorization and we directly log in. It shows the transactions and the total balance in our wallet, which is no doubt **Information Disclosure**; further, if we go to this URL https://www.coinbase.com/settings, we can edit our settings [change password, delete account, change other settings] etc., so this is no doubt an **Authorization/Authentication** issue.
### Steps to Reproduce:
1. Login with iOS device (browser, not app).
2. It won't ask for any authorization, and it will disclose the transactions etc.
3. Go to https://www.coinbase.com/settings.
4. Now you can also *edit* the settings.
How to Fix?
----------------
When we log in on an iOS device using a browser, it *should* ask for authorization! Like sending a mail to the email of that account or another type of authorization!
If you have any other questions or if anything needs clarification, please let me know.
Hoping for you to fix this issue ASAP!
Thanks,
Ahsan Tahir
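A platform-independent version of the new-device check the report asks for, added here as an example and not Coinbase's code: the decision to challenge is keyed on a device cookie the client presents and confirms by email, never on the user agent, so an iOS browser without a confirmed cookie gets the same email step as a PC. The in-memory stores, server key and plain password comparison are constructed stand-ins for a real user database and password hashing.

```python
import hmac, hashlib, secrets, time

# Constructed in-memory stores standing in for a real user/device database (assumption).
USERS = {"alice": {"password": "correct horse", "email": "alice@example.com"}}
KNOWN_DEVICES = {"alice": set()}   # user -> set of confirmed device-cookie fingerprints
PENDING = {}                       # email confirmation token -> (user, device_token, expiry)
SERVER_KEY = secrets.token_bytes(32)
CONFIRM_TTL = 15 * 60              # confirmation links expire after 15 minutes

def _fingerprint(device_token):
    # Store only a keyed hash of the device cookie so a database leak yields no usable cookies.
    return hmac.new(SERVER_KEY, device_token.encode(), hashlib.sha256).hexdigest()

def login(user, password, device_token, user_agent, now=None):
    """Decide the login outcome. The client platform (user_agent) is deliberately
    not an input to the authorization decision; only a confirmed device cookie is."""
    now = now or time.time()
    rec = USERS.get(user)
    if rec is None or not hmac.compare_digest(rec["password"], password):
        return {"result": "denied"}
    if device_token and _fingerprint(device_token) in KNOWN_DEVICES[user]:
        return {"result": "ok"}
    # Unknown device on any platform: issue an email confirmation instead of a session.
    new_token = secrets.token_urlsafe(32)      # cookie set on the client, trusted only after confirm
    confirm = secrets.token_urlsafe(32)        # single-use secret embedded in the emailed link
    PENDING[confirm] = (user, new_token, now + CONFIRM_TTL)
    return {"result": "challenge", "email_to": rec["email"],
            "confirm_token": confirm, "device_token": new_token}

def confirm_device(confirm_token, now=None):
    """Called when the user follows the emailed link; binds the new device to the account."""
    now = now or time.time()
    entry = PENDING.pop(confirm_token, None)    # pop makes the link single-use
    if entry is None:
        return False
    user, device_token, expiry = entry
    if now > expiry:
        return False
    KNOWN_DEVICES[user].add(_fingerprint(device_token))
    return True
```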
Report Stats
- Report ID: 148538
- State: Closed
- Substate: duplicate
- Upvotes: 4