Nansen warns suppliers of potential phishing attacks after security incident exposes customer data

Nansen Cryptoanalytics Platform reports a customer data breach and responds quickly.

Crypto analytics platform Nansen has revealed that a bad actor accessed its administrative systems to configure customer accounts. A security breach at one of Nansen’s third-party vendors on September 20 compromised customer access, highlighting the ever-present digital risks, especially in the evolving space of blockchain technology and cryptocurrencies.

According to posts on the official Nansen X account, the vendor is an established entity trusted by Fortune 500 companies in the same industry to manage customer data. The breach exposed administrative privileges of an account used to provide customers with access to the Nansen platform, a serious issue that Nansen quickly addressed upon becoming aware of.

Preliminary investigations showed that about 6.8% of Nansen users were affected by the incident. The email addresses of these users were made public, and a small number of users also found that their password hashes and blockchain addresses were exposed.

Following the incident, Nansen quickly contacted affected users via email to explain the extent of their exposure and the necessary precautions to prevent further potential breaches; a password reset was initiated between 5pm and 9pm UTC on September 21, with email requests sent to affected users via support@nansen.ai. Users were also asked to manually reset their passwords on the Nansen platform.

What does this mean for affected users?

Although Nansen claims that they do not store passwords in plain text, they are urged to change their passwords immediately. The risk of brute force attacks on accounts using exposed email addresses and passwords remains a potential threat. However, since Nansen does not require private keys, users' wallet funds remain unscathed. The company also warns users to be vigilant against phishing attempts.

Nansen's commitment to protecting customer data was evident following this incident, as they worked with the affected vendor, outside legal counsel, and cybersecurity experts to conduct a thorough investigation. Nansen assured its users that it is committed to transparency and timely communication as it navigates the aftermath of this security breach. #WEB3  #Nansen