Celsius has confirmed that a list of customer email addresses was stolen by an employee of Customer.io, raising the risk of phishing attacks by malicious third parties.
According to Celsius, email addresses were placed on Customer.io to manage marketing campaigns, and for this reason, no account details were linked to the data. Celsius was quick to downplay any potential risk from theft, claiming that the leak “does not present any high risk to our customers.”
Despite Celsius’ claim, the leaked information would open up customers to additional threat vectors when they can least afford it. On 13 June Celsius suspended all customer withdrawals, blaming “excessive market conditions”.
another great mess
The latest piece of misery for Celsius users is not unique to the beleaguered lender.
On July 1, a Customer.io employee accessed OpenSea’s email database. Then they leaked that data to an outside party. It now appears that the same former employee was behind the Celsius breach.
On Thursday Celsius sent one E-mail To confirm to their customers: “Customer.io informed us that one of their employees has received a list of Celsius client email addresses from Customer.io’s platform, along with lists of their multiple customers, and that these lists have been merged into one. Was transferred to a third-party bad actor. Customer.io confirmed that, apart from the email addresses identified, no other Celsius client data was accessed or taken by the employee.
Despite this, questions remain about the breach and the role played by Celsius. According to the email Celsius first identified there was a potential problem on 30 June. At that point they deleted all Celsius email data held by Customer.io.
Customer.io confirmed that one of its employees accessed the Celsius email database on July 8. The obvious question is why did Celsius wait until July 28 to notify its customers of the breach?
not impressed
The response to the latest disaster at Celsius was less than positive.
Richard Hart summarized the general sentiment when he tweeted“Celsius. First, they lose your money, then they lose your data.”
Dil labeled Celsius CEO Alex Mahinsky as “scum”.
Feather June 12A day before Celsius suspended withdrawals, Mahinsky took to Twitter to call out “FUD and misinformation” on the project. The CEO continued, “Do you know a single person who has a problem withdrawing from Celsius?”
Mahinsky stopped posting on the social media platform on June 15.
What did you think of this topic? Write to us and let us know!