Phishing risks escalate as Celsius confirms client emails leaked

It is not the first time Celsius’ customer emails have been exploited and leaked online.

Celsius depositors should be on the lookout for phishing scams after the company revealed some of its customer data has been leaked in a third-party data breach. 

On July 26, Celsius sent an email to its customers informing them that a list of their emails had been leaked by an employee of one of its business data management and messaging vendors.

According to Celsius, the breach came from an engineer at the Customer.io messaging platform who leaked the data to a third-party bad actor.

“We were recently informed by our vendor Customer.io that one of their employees accessed a list of Celsius client email addresses,” said Celsius in its email to customers. The data breach is part of the same incursion that leaked OpenSea customer email addresses in June.

Announcement from Celsius: “We are writing to let you know that we
were recently informed by our vendorhttps://t.co/452EROQtbc that one of their employees
accessed a list of Celsius client email
addresses held on their platform and
transferred those to a third-party.”

— Celsians (@CelsiansNetwork) July 28, 2022

Celsius has however played down the incident stating that it did not “present any high risks to our clients,” adding that they just wanted users to “be aware.”

On July 7, Customer.io wrote in a blog post that “We know this was a result of the deliberate actions of a senior engineer who had an appropriate level of access to perform their duties and provided these email addresses to the bad actor.” The employee has since been terminated.

The number of emails leaked was not disclosed, nor was the platform to which they were leaked.

However, the crypto community has started to warn Celsius users of phishing attacks which usually follow an email data breach.

Phishing is a form of social engineering in which targeted emails are sent to lure victims into revealing more personal data or clicking links to malicious websites that installs malware to steal or mine crypto.

⚠️ Celsius users should expect phishing emails along the lines of “Verify your wallet to withdraw your funds” that will phish for your SRP/PKey due to this

Remember, your SRP should only be known to you and you only https://t.co/QYuDhEE7aL

— harry.eth (whg.eth) (@sniko_) July 28, 2022

A similar data breach in April 2021, saw Celsius customers reportedly targeted by a fraudulent website claiming to be the official Celsius platform. Some received SMS and emails prompting them to reveal personal information and seed phrases.

At the time, the company reported that hackers had gained access to a third-party email distribution system it uses.

Related: Email server breach sees Celsians targeted by phishing attacks

Perhaps the most famous crypto data breach was from hardware wallet provider Ledger, which had its servers hacked in 2020. The spewing of thousands of customers’ personal details on the internet resulted in untold losses and even physical threats for many victims, yet the company has refused to compensate them.

Celsius email to customers on July 26.

Related Posts

Brazilian Crypto Investment Platform Bluebenx Stops Withdrawals Under Hack Allegations

Bluebenx, a Brazil-based cryptocurrency investment platform, suspended withdrawals last week due to an alleged hack that made the company lose more than $31 million. The company announced…

Aave Responds to Blocking Addresses Over Tornado Cash Clampdown

DeFi lending protocol Aave Protocol said the TRM API on its app was responsible for blocking addresses that received ETH from unknown sources through Tornado Cash. In…

Ripple Price Analysis: After 2 Months of Sideways, Will XRP Finally Breakout?

A strong resistance level has trapped Ripple for over two months, resulting in the price flirting between $0.3 to $0.39 during that period. It seems that the…

Wayru’s Decentralized Internet Network Goes Live

Web3 Telecommunications Startup Wayru has finally launched its decentralized internet network and Genesis hardware devices. This will usher in a new era of connectivity where anyone can…

NFT Adoption in Africa: What is the Current Reality?

Africa, the world’s second largest continent, with a population of over 1.6 billion, is still developing when it comes to technology adoption. In most cases, people in…

Acala Network aUSD Depegs by 99% as Hacker Issues Over 1 Billion Tokens

Acala Network became the latest Defi network to suffer an exploit after hackers breached the network and issued 1.2 billion aUSD tokens. The Polkadot-based network issues aUSD…

Generated by Feedzy