Celsius reveals customer data breach by vendor’s employee

Embattled crypto lender Celsius Network has revealed via email that some of its customers’ data were breached by an employee of Customer.io.

According to Celsius, the firm has been discussing with Customer.io and confirmed that no other data was affected by the breach.

Celsius downplays the extent of the breach

The crypto lender has downplayed the extent of the breach as it said the leak had not impacted its systems and security.

Celsius said it only made its users aware of the breach and did not “consider the incident to present any high risks.”

We do not consider the incident to present any high risks to our clients whose email addresses may have been affected but are releasing this communication to make sure you are aware.

Celsius did not reveal the numbers of affected emails and users.

Celsius customers’ data had been previously leaked in April 2021. Then, the company claimed that hackers stole its customers’ data from a third-party email distribution system.

OpenSea recorded a breach too

OpenSea, the popular NFT marketplace, revealed that its email delivery partner leaked user data.

OpenSea revealed the email partner to be Customer.io.

The NFT marketplace warned users that the breach could increase “email phishing attempts.”

The firm advised users to “stay vigilant about (their) email practices,” adding that everyone who has shared their email with the site previously should assume they have been impacted.

Customer.io takes action

In a July 7 blog post, Customer.io said the senior engineer responsible for the leak had the appropriate level of access for their duties.

The firm clarified that only one employee was responsible for the breach. The said employee has been fired and reported to law enforcement agencies.

We launched a comprehensive security review of our access and security policies to prevent an insider threat from happening again and have already made some changes to the policies.

Source: https://cryptoslate.com/celsius-users-warned-about-phishing-attempts-due-to-e-mail-leak/