Edit: employee at customer.io, not Celsius. I misread, sorry!
We are writing to let you know that we were recently informed by our vendor Customer.io that one of their employees accessed a list of Celsius client email addresses held on their platform and transferred those to a third-party.
We do not consider the incident to present any high risks to our clients whose email addresses may have been affected but are releasing this communication to make sure you are aware.
We have been in ongoing communication with Customer.io. They have confirmed that no other Celsius-related data was compromised beyond those identified email addresses.
To state clearly, Celsius’ systems and security had not been involved or impacted. Celsius’ robust security and data protection management, and our focus on protecting our clients’ data, remain intact.
Context
On 30 June 2022, Celsius identified that one of its vendors, Customer.io, had been involved with a data breach connected to OpenSea. Celsius proceeded to remove all data held with Customer.io. We quickly contacted Customer.io and they responded that, as of that time, no Celsius data had been involved in their breach. Celsius requested all details surrounding the incident.
On 8 July 2022, Customer.io informed us that one of their employees had accessed a list of Celsius client email addresses from Customer.io’s platform, along with lists from several of their clients, and transferred these lists to a third-party bad actor. Customer.io confirmed that, other than the identified email addresses, no other Celsius client data was accessed or taken by the employee.
Evidence of this incident has not yet been provided to us by Customer.io.
Customer.io made a public statement on the matter
Further Information
Celsius sees this as a severe violation of vendor-client relations, and we have notified the appropriate authorities. Again, we do not consider the incident to present any high risks to our clients whose email addresses may have been affected. Should you wish to contact us for further information regarding the incident, please contact our data protection officer, Charles Roberts, at [email protected] for further information.
Sincerely,
Celsius
So done with these guys. Most incompetent management ive ever seen it could be a fuckin comedy skit. Literally dropping the ball then tripping on that ball and shitting their pants on the floor from the impact
This is bad if true
Wow difficult times for Celsius, what will be the next one ?..
2022 hasn’t been a great year for Celsius…
It’s an employee at [Customer.io](https://Customer.io), not Celsius.
Email leaks might not seem like a big deal to the average user but IIRC that’s how a lot of Ledger owners were targeted with emails and sophisticated social engineering scams.
So yeah we basicly sold your data to cover our debts. And yeah we also took your crypto. But don’t worry:)
Seriously wtf!!!
I wouldn’t doubt Alex selling the email addresses just to get back some $$$ and then call it a breach
Celsius gave me such good vibes of professionalism and legitness. I was sure that itll be the next big one.
All that evaporated in less than a month
Somebody needs to initiate a class-action lawsuit against these cocksuckers. This shit is ridiculous.
Another hit. Let see how many punch they can get.
So we know about them and unstoppable domains. I wonder who the other clients of customer.io whose records were leaked are.
It was nice of them to inform you a month later.