• Celsius Admits Third-Party Data Breach Leaked Customer Emails

  • Users of Celsius should be on the lookout for phishing scams.

    Customers were informed by the bitcoin lender after their emails were stolen due to a data breach.

    Celsius notified consumers via email late Thursday that an employee at its email delivery partner Customer.io acquired a list of client emails and transferred them to an unauthorized person.

    The beleaguered company stated that it did not believe the breach posed “high risks,” and that it had been notified that no additional Celsius-related data was exposed other than identifiable email addresses.

    OpenSea, a collectibles platform, alerted members about a month ago that their email information had been hacked in a similar leak. Customer.io was also at blame for the event, as one of its employees abused their access. The vendor stated that the employee in question had been fired, had all access withdrawn, and had been reported to police enforcement.

    After learning that Customer.io was one of its vendors, Celsius stated that it proceeded to delete data held by the company following the OpenSea incident. The vendor discovered no Celsius data involved in the incident at the time.

    However, Celsius was told on July 8 that it, too, had been affected by the same culprit. Customer.io stated in a statement that the email dumps affected five clients in addition to OpenSea. “We do not expect to learn any new information because this event was caused by the acts of a single employee who had lawful access to these email addresses as part of the individual’s employment,” the statement continued.

    Celsius clients resorted to Twitter to express their dissatisfaction with the lender’s ongoing problems.

    After declaring bankruptcy on July 13, the company is in the process of reorganizing its assets. According to a court document, Celsius has $5.5 billion in obligations and $4.3 billion in assets, creating a $1.2 billion gap on its balance sheet.

    While Celsius was eager to dismiss the risk to its users, past data breaches have revealed that impacted users have really lost money as a result of phishing assaults.

    When hardware wallet maker Ledger’s marketing information was compromised in July 2020, its users were targeted with cunning scams aimed to steal their coins.

    Shopify, the e-commerce giant through which Ledger sold its wallets, was also chastised by users for “repeatedly and deeply” failing to protect consumer identities. In April, both firms were sued after victims lost some of their crypto holdings.

    What's your reaction?