- Celsius reported today that a Customer.io employee breached its list of user email addresses last month.
- OpenSea was the first target of this breach; however, further investigations have found other companies were also affected.
- The incident comes at a difficult time for Celsius, which recently suspended user withdrawals and filed for bankruptcy.
Share this article
Celsius said today that a list of client email addresses was leaked through the automated messaging platform Customer.io.
Customer.io Leaked Celsius Email List
A Customer.io employee has leaked a list of email addresses belonging to Celsius customers.
Today, Celsius sent an email to its users indicating that “one of [Customer.io’s] employees accessed a list of Celsius client email addresses.” The employee then sent those addresses to an unnamed, malicious third party.
The beleaguered crypto lender stated that the addresses had been held in Customer.io’s records for marketing purposes and that user accounts were not directly breached. Celsius also said that the incident did not “present any high risks to our clients” and that, while it has yet to see proper evidence of the breach, it had chosen to bring it to its users’ attention.
According to Celsius, the data breach is part of the same attack that leaked user email addresses tied to the NFT marketplace OpenSea in late June. At the time, Celsius had been told that none of its data had been compromised. However, as a precaution, it removed all of its data from Customer.io and then attempted to verify that the information had indeed been erased from the platform.
Yet on July 8 Customer.io notified Celsius that, upon further investigation, it had found that one of its employees had in fact accessed the list of user email addresses. Customer.io said today that five other companies other than OpenSea were targeted in the breach. Unstoppable Domains appears to be one of them.
In response, Customer.io said that the employee responsible for the breach has been terminated and reported to law enforcement.
Though email address theft is not uncommon, the incident comes at an unfortunate time for Celsius. The firm, which has been suffering from a liquidity crisis which it claims was prompted by “extreme market conditions,” suspended user withdrawals in June and is now engaged in bankruptcy proceedings.
Disclosure: At the time of writing, the author of this piece owned BTC, ETH, and other cryptocurrencies.