Phishing risks escalate as Celsius confirms client emails leaked

cointelegraph.com:

Celsius depositors should be on the lookout for phishing scams after the company revealed some of its customer data had been leaked in a third-party data breach. 

On Tuesday, Celsius sent an email to its customers informing them that a list of their emails had been leaked by an employee of one of its business data management and messaging vendors.

According to Celsius, the breach came from an engineer at the Customer.io messaging platform, who leaked the data to a third-party bad actor.

“We were recently informed by our vendor Customer.io that one of their employees accessed a list of Celsius client email addresses,” said Celsius in its email to customers. The data breach is part of the same incursion that leaked OpenSea customer email addresses in June.

Announcement from Celsius: “We are writing to let you know that wewere recently informed by our vendorhttps://t.co/452EROQtbc that one of their employeesaccessed a list of Celsius client emailaddresses held on their platform andtransferred those to a third-party.”

Celsius has, however, played down the incident stating that it did not “present any high risks to our clients,” adding that they just wanted users to “be aware.”

On July 7, Customer.io wrote in a blog post that “We know this was a result of the deliberate actions of a senior engineer who had an appropriate level of access to perform their duties and provided these email addresses to the bad actor.” The employee has since been terminated.

The number of emails leaked was not disclosed, nor was the platform to which they were leaked.

However, the crypto community has started to warn Celsius users of phishing attacks which usually follow an email data breach.

Phishing is a form of social engineering in which targeted