Phishing dangers increase as Celsius admits client email breach

In an email to clients, Celsius stated, “Our vendor Customer.io just alerted us that one of their workers accessed a collection of Celsius client email addresses.” The data breach is part of the same intrusion that exposed the email addresses of OpenSea customers in June.

However, Celsius has downplayed the severity of the issue, noting that it does not “present a major danger to our clients” and urging users to “be alert.”

In a blog post published on July 7, Customer.io stated, “We know this was caused by the purposeful acts of a senior engineer who had adequate access to fulfill their tasks and delivered these email addresses to the malicious actor.” Since then, the employee has been sacked.

The number of leaked emails and the platform to which they were released were not disclosed.

However, the crypto community has begun to caution Celsius users about phishing attempts, which typically follow a data compromise involving email accounts.

Phishing is a type of social engineering in which targeted emails are sent to dupe users into divulging additional personal information or clicking links to malicious websites that install software to steal or mine cryptocurrency.

During a similar data breach in April 2021, a bogus website claiming to be the legitimate Celsius platform allegedly targeted Celsius customers. Some individuals received text messages and emails requesting personal information and seed phrases.

The corporation said that hackers had compromised its third-party email distribution system.

Perhaps the most infamous crypto data breach occurred in 2020 when the servers of hardware wallet manufacturer Ledger were compromised. The online dissemination of tens of thousands of consumers’ personal information resulted in unfathomable losses and even violent threats for many victims, yet the corporation refused to reimburse them.