Crypto analytics firm Nansen reported a breach involving one of its third-party vendors. The hack exposed 6.8% of user emails and some blockchain addresses.
“Our team has been working day and night in the last 48 hours to mitigate the impact of this incident. The root cause here was that a breach on the vendor’s side gave an attacker access to admin rights in our account,” said Nansen CEO Alex Svanevik to Zenger News.
The breach, which occurred on Sep. 20, allowed the attacker unauthorized access to an account used to provision customer access to Nansen’s platform.
“For us, this is naturally very disappointing, but more importantly, it’s frustrating for those of our users who were impacted. We have strong data privacy policies and processes internally at Nansen, and we’ll continue investing in our security,” Svanevik added.
Nansen halted the unauthorized access and initiated an investigation.
This incident comes at a time when the global focus on digital assets and their security is intensifying, a topic that will be further explored at Zenger News’s Future of Digital Assets conference on Nov. 14. The conference aims to shed light on the evolving landscape of digital assets and the importance of robust security measures in the industry.
The compromised vendor, recognized for its services to Fortune 500 companies and other entities in the blockchain sector, is now under scrutiny.
“Nansen is not disclosing the name of the vendor but has asked them to communicate on the incident publicly in case others are affected,” said Svanevik when asked to name the vendor.
Preliminary findings from Nansen’s investigation revealed that 6.8% of its users were affected.
While the majority had their email addresses exposed, a smaller subset had their password hashes revealed, and an even smaller group had their blockchain addresses compromised.
Affected users were emailed about the nature of their data exposure.
Reacting to the incident, Nansen dispatched emails on Sep. 21 advising impacted users to reset their passwords. The company emphasized that while it doesn’t store passwords in plaintext, there’s a risk of attackers attempting brute-force attacks on accounts using the exposed email addresses and password hashes.
Nansen assured users their wallet funds remain secure, as the company never requests private keys.
However, they cautioned users to be vigilant against potential phishing attempts and to verify the authenticity of emails purportedly from Nansen.
Produced in association with Benzinga
Edited by Judy J. Rotich and Newsdesk Manager