Celsius Confirms: Phishing Risks Increase After Client Email Leak
Table of contents
As per Celsius, a Customer.io messaging platform developer was responsible for the hack by disclosing the information to a malicious third party.
In an email to clients, Celsius stated,
"We were recently informed by our vendor Customer.io that one of their employees accessed a list of Celsius client email addresses."
The hack that exposed the email addresses of OpenSea customers in June also included the data leak. Even so, Celsius downplayed the event, claiming that it didn't "present any undue risks to our consumers" and that they only asked them to "be aware."
Customer.io stated in a blog post on July 7 that-
"We know this was a result of the deliberate actions of a senior engineer who had an appropriate level of access to perform their duties and provided these email addresses to the bad actor."
Since then, the employee has been fired. Both the number of emails that were released and the platform where they were hacked were kept secret. But the crypto sphere has begun to alert Celsius consumers to phishing assaults, which often happen after an email data leak.
Targeted Email Phishing
Phishing is a sort of social engineering in which targeted emails are sent to potential suspects in an attempt to coerce them into disclosing more personal details or clicking links to malicious websites that download malware to steal or mine cryptocurrency.
Similar data theft in April 2021 resulted in Celsius customers being targeted by a phony website posing as the real Celsius platform. Some received SMS and emails asking them to provide personal information and seed words. The company, at the time, said that hackers had acquired access to a third-party email distribution network it uses for distribution.