The Celsius client data was exposed in the same breach as OpenSea and Customer.io admitted that the data was exposed as well so let’s read more today in our latest cryptocurrency news.
According to the Celsius community, the company said contacted users to inform them of the data breach directly affecting them which can easily lead to phishing attempts. The breach was identified on the June of 30th and at the same time, as the OpenSea client data leak back then, Celsius reached out to the customer.io with the company handling the market communications for Celsius and OpenSea who stated that the lender’s clients’ data was unaffected.
Announcement from Celsius: “We are writing to let you know that we
were recently informed by our vendorhttps://t.co/452EROQtbc that one of their employees
accessed a list of Celsius client email
addresses held on their platform and
transferred those to a third-party.”
— Celsians (@CelsiansNetwork) July 28, 2022
Customer.io representatives recanted the statements and informed Celsius that some of the client data that was actually breached. The employee was terminated and Customer.Io updated the statements on the incident and stated that the data of five other customers were stolen as well:
“After further investigating the compromised OpenSea email addresses incident, we have learned today that the email addresses from five other customers were also provided to the same external bad actor.”
The Celsius client data was also exposed and it seems that the platform was one of the five and shared screenshots of the cautionary emails that they received. According to the screenshots shared by the Celsius users and the client data leaked to the bad actors is a list of the email addresses with no other identifying information. Celsius doesn’t foresee any other threats to further client data security and the team warned users to be on the guard and to contact Celsius support if affected:
“We do not consider the incident to present any high risks to our clients whose email addresses may have been affected but are releasing this communication to make sure you are aware.”
— db (@tier10k) July 28, 2022
In the meantime, cybersecurity researchers warned users that the phishing emails will be in the form of a link to a fake verification process allowing users to withdraw funds and it is ironic that even though this will be a huge bit of social engineering since Celsius withdrawals are frozen and the withdrawals from the paltform are still suspended. Therefore it is unclear how bad actors can drain the unsuspecting victim’s wallet. The incident is another important reminder for everyone to keep their private keys offline and to avoid links or QR codes whose origins cant be ascertained. The court cases go on and the incident will be yet another worrying thought on the minds of the platform’s users.
DC Forecasts is a leader in many crypto news categories, striving for the highest journalistic standards and abiding by a strict set of editorial policies. If you are interested to offer your expertise or contribute to our news website, feel free to contact us at [email protected]