An employee at one of Celsius’ vendors leaked a list of customer emails to a “third-party bad actor,” according to the company.
The crypto lender said in an email Thursday that it was hit by the same Customer.io data breach that impacted OpenSea as well.
Although Celsius doesn’t think that its customers face “any high risks,” it does see the data breach as a “severe violation of vendor-client relations” and has contacted the appropriate authorities, the company said.
Five other Customer.io customers were affected beyond OpenSea, according to an update from the company.
Customer.io initially said on June 30 that no Celsius data had been affected, Celsius’ email said. On July 8, however, the company warned that a list of Celsius customer emails had in fact been leaked, even though Celsius had removed all data held with Customer.io right after finding out about the incident.
Customer.io also said that “no other Celsius client data was accessed or taken by the employee.”
The employee in question was a senior engineer that has since been fired, Customer.io’s update noted.
“We do not expect to learn any additional information since this incident resulted from the actions of a single employee, who had legitimate access to these email addresses as part of the employee’s job,” it also said.
© 2022 The Block Crypto, Inc. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.
Catarina is a reporter for The Block based in New York City. Before joining the team, she covered local news at Patch.com and at the New York Daily News. She started her career in Lisbon, Portugal, where she worked for publications such as Público and Sábado. She graduated from NYU with a MA in Journalism. Feel free to email any comments or tips to [email protected] or to reach out on Twitter (@catarinalsm).