Celsius was the victim of a data leak involving some of its customers, due to an incident involving a service provider. The emails have been extracted.
Things are not going well for the Celsius platform, which specializes in cryptocurrencies. You might even think it is getting worse and worse. The site, which has already had to declare bankruptcy, and which is obviously unable to return the money owed to everyone, was this time the victim of a computer accident. The data was collected and then disseminated without authorization.
The accident Has been reported on Twitter on July 28 on the account managed by Celsians, which broadcasts news about Celsius. ” We are writing to inform you that we have recently been notified by our Customer.io provider that one of its employees has accessed a list of Celsius customer email addresses stored on its platform and has passed them on to a third party. “
Customer emails roam nature. Beware of phishing
It appears, in the current state of the investigations carried out by Celsius and Customer, that only the e-mail addresses have been compromised. Clearly, a customer employee had access to an email list of a Celsius customer that was on the provider’s platform – the customer is an email platform that Celsius works with.
This employee then forwarded that list to a malicious third party. It is not clear if this submission is due to an error or if it was done voluntarily. However, the leak would be limited to emails only, although it is still possible to find the first and last name, if they appear in the identifier. No other information was exposed, Celsius said.
” We do not believe the incident poses a high risk to our customers whose email addresses may have been affected, but we are releasing this notice to make sure you are aware of it. “, Celsius states in his post, released in late July. A questionable claim, because these emails can be used for phishing campaigns.
Phishing is known to be common in the cryptocurrency space, as this method of acquiring personal information (such as usernames and passwords) can produce results. By recovering these items, hackers can access poorly protected accounts and thus steal funds, passing them from one wallet to another.
The extent of the content of this list is unknown. Celsius guarantees that, on his part, the security and integrity of his systems have not been compromised or implicated in this leak. The problem, identified as early as June 30 by Celsius, took nearly a month to go public. Meanwhile, on July 8, the nature of the incident had been established after the investigation.
The fact remains that it is through his partners that the concern arose. In terms of trade-offs, it doesn’t matter if the Celsius “link” is very strong: it’s the resistance level of the weakest link that matters in cybersecurity. And here, of course, it was the Client’s internal procedures, because it was not possible to prevent such disclosure.