Key points to remember
- Celsius reported today that a Customer.io employee breached its list of user email addresses last month.
- OpenSea was the first target of this breach; however, further investigations revealed that other businesses were also affected.
- The incident comes at a difficult time for Celsius, which recently suspended user withdrawals and filed for bankruptcy.
Share this article
Celsius said today that a list of customer email addresses had been leaked through the Customer.io automated messaging platform.
Customer.io Leaked Celsius mailing list
A Customer.io employee leaked a list of email addresses belonging to Celsius customers.
Today, Celsius sent an email to its users stating that “one of [Customer.io’s] employees accessed a list of Celsius customer email addresses. The employee then sent these addresses to an anonymous malicious third party.
The beleaguered crypto lender said the addresses were kept on file with Customer.io for marketing purposes and user accounts were not directly breached. Celsius also said the incident “presented no elevated risk to our customers” and that, while it has yet to see proper evidence of the breach, it chose to bring it to the attention of its customers. users.
According to Celsius, the data breach is part of the same attack that leaked user email addresses linked to the OpenSea NFT marketplace in late June. At the time, Celsius was informed that none of its data had been compromised. However, as a precaution, he deleted all his data from Customer.io and then tried to verify that the information had indeed been erased from the platform.
However, on July 8, Customer.io informed Celsius that, after further investigation, it had discovered that one of its employees had in fact accessed the list of user email addresses. Client.io said today that five other companies other than OpenSea were targeted in the infringement. Unstoppable Domains seems to be one of them.
In response, Customer.io said the employee responsible for the breach had been fired and reported to law enforcement.
Although email address theft is not uncommon, the incident comes at an unfortunate time for Celsius. The company, which has suffered from a liquidity crunch it says was caused by “extreme market conditions”, suspended user withdrawals in June and is now in bankruptcy proceedings.
Disclosure: At the time of writing this article, the author of this article owned BTC, ETH, and other cryptocurrencies.