- Celsius states an engineer at the Customer.io messaging platform leaked the data to a third-party actor.
- Celsius notified its customers via email that a list of their email addresses had been exposed by a staff member of one of its corporate data management and messaging partners.
Crypto lending service Celsius disclosed that some of its customer data had been leaked in a third-party data breach. Reportedly, a Customer.io messaging platform engineer gained access to a list of Celsius client emails from an internal database and transferred it to a third-party bad actor. Neither the number of emails leaked nor the kind of information leaked has yet been disclosed.
On July 7, Customer.io, whose employee was responsible for the present data breach, put out a blog post taking accountability for the leak.
“We know this was a result of the deliberate actions of a senior engineer who had an appropriate level of access to perform their duties and provided these email addresses to the bad actor.” The platform added that it does not expect to learn any additional information, since the incident resulted from the actions of a single employee who had legitimate access to these email addresses as part of the employee’s job. The messaging platform has also expelled the engineer.
It is worth noting that Customer.io was the same platform involved in the data breach at leading NFT marketplace OpenSea. Earlier this week, Celsius notified its customers via email that a list of their email addresses had been exposed by a staff member of one of its corporate data management and messaging partners. In an attempt to calm customers, Celsius’s email reads, “We do not consider the incident to present any high risks to our clients whose email addresses may have been affected but are releasing this communication to make sure you are aware”.
This is not, however, the first time Celsius has been subjected to an email data breach. Last year, the crypto lending service discovered a data breach in which hackers accessed a “third-party email distribution system” Celsius uses. As part of the 2021 hack, some customers received SMS messages and emails prompting them to reveal personal information and seed phrases.
MetaMask security analyst “harry.eth” took to Twitter to warn Celsius users of potential phishing emails that could be sent to them due to the leak. He warned Celsius customers to be wary of shady emails that start with “verify your wallet to withdraw your funds.”
The recent data breach only adds to Celsius’s long list of woes. Market volatility has pushed the lending service into bankruptcy. Following the exposure of TerraUST/LUNA, Celsius had to halt withdrawals, which eventually ended with the firm filing for bankruptcy.
According to bankruptcy court filings, Celsius has a roughly $1.2 billion hole in its balance sheets. It had $5.5 billion in total liabilities as of July 13, including over $4.7 billion owed to Celsius’s users. Celsius is now focused on financial restructuring to win back lost investor confidence.