Outside Source
Key Takeaways
- Celsius reported today that a Customer.io employee breached its list of user email addresses last month.
- OpenSea was the first target of this breach; however, further investigations have found other companies were also affected.
- The incident comes at a difficult time for Celsius, which recently suspended user withdrawals and filed for bankruptcy.
Share this article
Celsius said today that a list of client email addresses has been breached through its relationship with the automated messaging platform Customer.io.
Customer.io Leaked Celsius Email List
A Customer.io employee has leaked a list of email addresses belonging to Celsius customers.
Today, Celsius sent a message to its users indicating that “one of [Customer.io’s] employees accessed a list of Celsius client email addresses.” The employee then sent those addresses to an unnamed, malicious third party.
The beleaguered crypto lender stated the addresses were held in Customer.io’s records for marketing purposes and that user accounts were not directly breached. Celsius also said that the incident did not “present any high risks to our clients” and added that it has not yet been provided with evidence of the incident. It says it has nevertheless chosen to bring the incident to the attention of its users.
According to Celsius, the data breach is part of the same attack that leaked user email addresses tied to the NFT marketplace OpenSea in late June. At the time, Celsius was told that none of its data was compromised in the breach. However, as a precaution, it removed all of its data held with Customer.io. It then attempted to verify that information had been removed the platform.
However, On July 8, Customer.io notified Celsius that it had investigated the issue further and found that one of its employees had in fact accessed the list of user email addresses. Customer.io said today that five other companies other than OpenSea were targeted in the breach. Unstoppable Domains appears to be one of the other companies affected.
In response, Customer.io said that the employee responsible for the breach has been terminated and reported to law enforcement.
Though email address theft is not uncommon, the incident comes at an unfortunate time for Celsius. The firm suspended user withdrawals and is now engaged in bankruptcy proceedings.
The incident will likely reduce trust in Celsius as other developments have given users little reassurance.
Disclosure: At the time of writing, the author of this piece owned BTC, ETH, and other cryptocurrencies.
Share this article
This article first appeared at Crypto Briefing
