Celsius Network has disclosed to its community that it has suffered a data breach, warning users against threats of phishing attacks. An unnamed employee of Celsius’ third-party social media handler Customer.io accessed a list of Celsius client email addresses and transferred those to a third-party. Customer.io handles the market communications for both, Celsius as well as OpenSea. In June, OpenSea also reported a data breach. At the time, Customer.io had informed Celsius that its user data was safe.
After firing the concerned employee, Customer.io conducted internal analysis through the month of July, and later warned Celsius about the data breach incident.
Celsius, the crypto lending firm is now in the process of informing its users about this breach, asking them to be alert and not share sensitive information with unverified strangers.
It looks like tough days are nowhere near an end for Celsius. The company, struck by the recent crypto slump, has filed for bankruptcy.
As per Celsius, only a list of its client email addresses saved with Customer.io was leaked by the now terminated engineer, and no other information is expected to have become part of the breach.
Customer.io has also published a blog post addressing the incident.
“Despite the many precautions taken to protect our customer data, the employee’s role enabled specific access to these email addresses. This employee has been terminated, all access has been revoked and we have reported this employee to law enforcement,” the company wrote.
In June, when OpenSea NFT marketplace suffered the data breach, its users had complained about being bombarded with emails that resembled phishing attempts.
My info was breached thanks to OpenSea and Customer io :joy: Lord Jeebus help me. I was wondering why I had so many spammy texts, phone calls, and emails lately. :face_with_rolling_eyes:
— MetzilMazatl ~ SovereignSeraphim.eth :feather::rainbow-flag: (@TheAscendant3) June 30, 2022
1. Don’t open content of emails or files sent by strangers.
Especially if it’s an APK file, Google extension file or anything claimed to be a “new software update” in the email. Treat the content as malware and they can be used to obtain your data remotely.
— SummerWatch | SummerScan (@summerwatchorg) July 2, 2022
Phishing is a category of cyber-attack in which specific emails are directed at potential victims in an attempt to lure them into clicking malicious links, or download malware to mine or steal their crypto holdings.