Celsius Network Client Data Breach Confirmed by Customer.io


Coinspeaker
Celsius Network Client Data Breach Confirmed by Customer.io

Embattled digital currency lending platform, Celsius Network appears to be making targeted efforts to prepare its customers for a potential phishing attack that might be originating from a data leak on its third-party vendor, Customer.io.

Celsius Network comes off as one of the impacted platforms when Customer.io recorded a data breach that saw one of its employees sending a client’s email address to outsiders. When the breach was first recorded at the time, only OpenSea was notably warned, and according to Celsius Network, Customer.io confirmed at the time that its client’s data were not compromised.

After deeper investigations, Customer.io later came to announce that the breach affected other client’s data numbering about 5 altogether were also affected.

“After further investigating the compromised OpenSea email addresses incident, we have learned today that the email addresses from five other customers were also provided to the same external bad actor,” Customer.io said in a blog post earlier this month. “We know this was a result of the deliberate actions of a senior engineer who had an appropriate level of access to perform their duties, and provided these email addresses to the bad actor. This action was limited to this single employee.”

Customer.io said the employee’s job has been terminated and that it did not expect any more surprises as a result of the breach.

Celsius Network Cautioning Its Users

While the now bankrupt crypto lender is not sure of what a major security threat other than a Phishing attack that the breach is billed to cause, it has taken responsibility by sending awareness messages to its users across the board.

“We are writing to let you know that we were recently informed by our vendor http://Customer.io that one of their employees accessed a list of Celsius client email addresses held on their platform and transferred those to a third-party,” a Celsius community account tweeted on Thursday.

Should the bad actors holding the Celsius user’s emails decide to make use of these IDs to send phishing links, the effort is bound to be futile as the crypto lender is yet to reopen its platform for withdrawals and is neck-deep in its bankruptcy proceedings.

“We do not consider the incident to present any high risks to our clients whose email addresses may have been affected but are releasing this communication to make sure you are aware,” the Celsius community account reiterated.

The crypto lender said it has gotten the affirmative from Customer.io that none of its other data is involved in the breach so all users are to rest assured that no other surprise is on the way.

Celsius Network Client Data Breach Confirmed by Customer.io