Following the company’s disclosure that some of its client data had been compromised in a third-party data breach, Celsius depositors should be on the watch for phishing schemes.
Customer emails from Celsius have already been misused and published online.
Customers of Celsius were notified via email on Tuesday that an employee of one of its corporate data management and messaging partners had exposed a list of their emails.
According to Celsius, a Customer.io messaging platform engineer was responsible for the breach by disclosing user information to a malicious third party.
“We were recently informed by our vendor Customer.io that one of their employees accessed a list of Celsius client email addresses,” said Celsius in its email to customers. The data breach is part of the same incursion that leaked OpenSea customer email addresses in June.
However, Celsius downplayed the event, saying that there were no “major threats to our clients” and that they only wanted people to “be alert.”
“We know this was a result of the deliberate actions of a senior engineer who had an appropriate level of access to perform their duties and provided these email addresses to the bad actor.” Customer.io stated in a blog post on July 7. Since then, the employee has been fired.
Both the number of emails that were released and the platform where they were leaked were kept a secret.
But the cryptosphere has begun to alert Celsius users to phishing assaults, which often happen after an email data leak.
Phishing is a type of social engineering in which specific emails are sent to potential victims in an effort to coerce them into disclosing additional personal information or clicking links to nefarious websites that download malware and mine or steal cryptocurrency.
Customers of Celsius were apparently targeted by a bogus website posing as the real Celsius platform in April 2021 following a similar data theft. Some people got emails and SMS messages asking them to provide personal information and code words.
The business at the time said that hackers had acquired access to a third-party email distribution system it employs for distribution.
The hardware wallet manufacturer Ledger had perhaps the most well-known cryptocurrency data breach when its servers were compromised in 2020. Numerous victims experienced incalculable losses and even violent threats as a result of the corporation’s release of thousands of customers’ personal information online, but the company refused to make amends.