Blockchain analytics firm Nansen warned users to change their passwords today following a security breach from a third-party vendor it claims resulted in 6.8% of its users suffering from either the exposure of email addresses, password hashes, or blockchain data.
Today’s letter from the Nansen CEO, Alex Svanevik, detailed how on September 20, a third-party vendor the company fails to name, which is used by Fortune 500 companies, suffered a security breach.
The perpetrator was reportedly able to gain access to the admin rights of a Nansen account in charge of facilitating customer access to the platform.
Fortunately, Nansen claims it “managed to stop the unauthorized access shortly after learning about it and launched an immediate investigation.” It also claims wallet funds are unaffected.
All affected users are said to have had their email addresses exposed, while “a smaller portion” had their password hashes exposed, and an even smaller group saw their blockchain address revealed.
Nansen says it has asked the unnamed third party to publicly disclose the breach. It also warned users to double-check any emails claiming to be the company during this time in case of a possible phishing attack. Affected users have also been told which exposure impacts them.
Last week, Fortress Trust lost $15 million in crypto funds as their third-party software provider suffered a phishing attack. Similarly, Trust refused to name the vendor (now known as Retool), describing it as a firm used by Fortune 500 companies. Trust claimed there was no loss of funds.