Celsius has revealed that an employee of Customer.io has accessed a list of user emails. The individual has since transferred the list to a third party. Celsius does not consider the incident to present any risk to their users. However, they have put out a Tweet warning clients of the situation. Moreover, Celsius has said that they are in communication with the team at Customer.io. The messaging platform has confirmed that no Celsius-related information was compromised other than those identified.
Nonetheless, the possibility of phishing attacks on the affected user emails looms. Celsius informed their users of the development via an email sent on the 26th of July. As per the email, the lending firm’s security has not been compromised.
How did Celsius’s client data leak?
This all connects to the OpenSea user email leak of late June 2022. Celsius identified that Customer.io was behind the breach, and the firm then removed all data from the messaging platform.
However, on the 8th of July, the lending platform was informed that a Customer.io employee accessed a list of client emails, which was then sent to a third party. Customer.io confirmed that no data other than the list of emails were compromised. However, there is no concrete evidence to support this, and Customer.io has not provided any proof to support their confirmation.
This leads to speculation about how Customer.io can guarantee that no other information was taken. Moreover, Celsius’s opinion of the minimum risk involved could be taken with a bit of salt. We may soon see an array of phishing attacks on clients.
Nonetheless, the firm has informed the concerned authorities about the breach. They view the development as a severe violation of vendor-client relations.