Table of contents
Celsius just introduced Steal a list of email addresses from your users Customer.io employee. The incident is believed to have occurred during the same data breach that occurred in the NFT OpenSea trading room in late June.
Customer.io publishes a list of Celsius email addresses
Celsius said today that a list of customer email addresses has leaked. through the Customer.io automated messaging platform.
The credit company has issued an e-mail alert to its users, stating that “one of the employees [Customer.io] accessed the Celsius customer e-mail list. “Interested employee then these addresses are sent to malicious third parties. The name of this external third party was not disclosed.
Celsius states in a statement that these addresses have been stored on Customer.io for marketing purposes. Customer.io is the Celsius email service provider, an automated messaging platform for marketers. For, User accounts were not directly hacked. The platform is also trying to reassure its customers by pointing out that the incident “does not pose a high risk to them”. While they still don’t have clear evidence of this breach, they have decided to notify their users.
OpenSea data leak
According to Celsius, this data breach is part of same attack which led to the disclosure of the email addresses of users associated with the OpenSea NFT market in late June. Here’s what OpenSea said at the time:
We recently learned that an employee of Customer.io, our email delivery service provider, abused his access rights to download the email addresses provided by OpenSea users and our newsletter subscribers and has sent an unauthorized external party for exchange.
The NFT platform then communicated this to its users. Phishing Risks to which they have been subjected. Earlier this year, a phishing campaign resulted in the theft of $ 1.7 million worth of NFTs (254 tokens stolen) from OpenSea users. An attacker could use the context of an NFT transfer operation on the Ethereum blockchain.
Celsius reported late
When the leak was discovered on OpenSea, the email platform he told Celsius that none of his data had been compromised. However, as a precaution, the company has removed all of its data from Customer.io. He then tried to make sure the platform actually removed his information from its database.
Finally, after further investigation, Customer.io reported to Celsius on July 8 that one of its employees had indeed accessed their users’ email list. Customer.io said today that the loss was affected five companies other than OpenSea. Unstoppable Domains appears to be one of them.
In response, Customer.io said yes Dismissal of a responsible employee violations. Obviously he was also reported to the police.
A premature accident
Although email address theft is quite common, the incident occurs with one Bad time for Celsius. The company, which is said to be suffering from a liquidity crisis due to “extreme market conditions”, especially after the collapse of the Earth ecosystem. It has since suspended payments to users in June. Furthermore, it is currently in bankruptcy proceedings.
Last week, Celsius presented its restructuring plan during the court hearing. The company relies on, among other things, mined bitcoins and the sale of various assets to repay its debt. Celsius also addressed the issue of compensation for its users. They may be offered the opportunity to get their cash back at a discount. Another option would be to keep your cryptocurrencies. This offer is likely to disappoint many of its customers.
Therefore, this incident came at a particularly difficult time for Celsius, who was already working towards it. restore the trust of its users.