[Warning]: Crypto firm Nansen ask users to reset their password

[Dave1]

https://twitter.com/nansen_ai/status/1705137387838574904

I'm not sure if this has been shared in our community, but if you received this email, then it's real as it comes from their official twitter account.

"These users had their email addresses exposed, a smaller portion also had password hashes exposed, and a last, smallest group also had their blockchain address exposed."

So if you are part of those account holders that have been exposed as her Nansen, then you have to reset everything. It's not a direct data breached though, it was a  third-party vendors that has been compromised. Nevertheless, it's best for them to inform everyone and should take precautions.

[1714606805]

1714606805

[JeromeTash]

This goes to show the dangers to handing over our sensitive data to such platforms. Of course, most of them promise to securely handle customer data through their privacy policies, but promises are always broken.
I wonder how many data breaches happen behind our backs and end up never getting published about. Very often, my email address related to crypto activities gets bombarded with spam and phishing links from time to time, and I can easily tell that it has somehow been exposed or leaked from some site I registered.

[Nwada001]

I read through this news. I don't know if it was somewhere on this forum or in a news site, but according to the news, it was stated that the incident that led to the data bridge was not directly from them but from one of their vendors, which has quite a good number of customers, and the company is not ready to send mail or come out to the public to verify the claim and warn their customers directly as they believe it might affect their company's reputation.
 
So Nansen took it upon themselves to warn their entire user base, both from other companies that are using their services, to reset their password and also change their emails, as it might be that they have also gotten affected. By doing this, they know that the major people who are affected will be able to get the notification and do the needful.
 
This period, it seems like there is an increase in hacking activities. I don't know if there is anything that hackers have recently discovered, which is that they are helping them access large databases and doing their things without the security team detecting them, and before they could be detected, they had done a lot of damage to the company, either by making away with funds or data that will aid them in doing that in the future.
 

[Jating]

This goes to show the dangers to handing over our sensitive data to such platforms. Of course, most of them promise to securely handle customer data through their privacy policies, but promises are always broken.

Yes, it's really hard to trust those platforms, I mean they promise to hold ours sensitive data with care. However, there are times that really this hackers were able to break them apart, hence stealing our information and we really don't know what's going to happen to our data except that it will be used again to hack or attempt to steal our crypto.

I wonder how many data breaches happen behind our backs and end up never getting published about. Very often, my email address related to crypto activities gets bombarded with spam and phishing links from time to time, and I can easily tell that it has somehow been exposed or leaked from some site I registered.

As far as I know there are a lot though, even in those years wherein bounty campaigns are very early. But in the latter part they ask for personal information from their participants and then we heard that it is intentionally sold in the dark market, or hackers were able to exploit this project and then get our data. So I wouldn't be surprised if there were another huge phishing attempts in the next couple of months because of this breached.

[Yaunfitda]

I read through this news. I don't know if it was somewhere on this forum or in a news site, but according to the news, it was stated that the incident that led to the data bridge was not directly from them but from one of their vendors, which has quite a good number of customers, and the company is not ready to send mail or come out to the public to verify the claim and warn their customers directly as they believe it might affect their company's reputation.
 
So Nansen took it upon themselves to warn their entire user base, both from other companies that are using their services, to reset their password and also change their emails, as it might be that they have also gotten affected. By doing this, they know that the major people who are affected will be able to get the notification and do the needful.
 
This period, it seems like there is an increase in hacking activities. I don't know if there is anything that hackers have recently discovered, which is that they are helping them access large databases and doing their things without the security team detecting them, and before they could be detected, they had done a lot of damage to the company, either by making away with funds or data that will aid them in doing that in the future.

Yes, it was not Nansen themselves that was affected directly, but a 3rd party, a vendor that might be holding their data or is task to do the verification. And if I'm not not mistaken, it was a practice by some crypto exchanges as well. They hired a 3rd party to handle their KYC so that they wouldn't have the burden to do that everytime.

But it this case, Nansen just want to make sure and so they inform their user base to reset their password just to make sure that they are safe or at least the attempts if any will not be successful by those hackers or those who got the data right now.

[Kemarit]

I read through this news. I don't know if it was somewhere on this forum or in a news site, but according to the news, it was stated that the incident that led to the data bridge was not directly from them but from one of their vendors, which has quite a good number of customers, and the company is not ready to send mail or come out to the public to verify the claim and warn their customers directly as they believe it might affect their company's reputation.
 
So Nansen took it upon themselves to warn their entire user base, both from other companies that are using their services, to reset their password and also change their emails, as it might be that they have also gotten affected. By doing this, they know that the major people who are affected will be able to get the notification and do the needful.
 
This period, it seems like there is an increase in hacking activities. I don't know if there is anything that hackers have recently discovered, which is that they are helping them access large databases and doing their things without the security team detecting them, and before they could be detected, they had done a lot of damage to the company, either by making away with funds or data that will aid them in doing that in the future.

Yes, it was not Nansen themselves that was affected directly, but a 3rd party, a vendor that might be holding their data or is task to do the verification. And if I'm not not mistaken, it was a practice by some crypto exchanges as well. They hired a 3rd party to handle their KYC so that they wouldn't have the burden to do that everytime.

But it this case, Nansen just want to make sure and so they inform their user base to reset their password just to make sure that they are safe or at least the attempts if any will not be successful by those hackers or those who got the data right now.

It's a total different niche to be in right now, a 3rd party vendor to all crypto related thingy, it's going to be hard and difficult and every ounce of security, you really need to be at top of your game. However, this cyber criminals are good at casing their victims, as they will target and zone on them and will do everything like attacking the employees, sending phishing links on them, and once they are trap, this criminals will used that credentials they have stolen and slowly worked their way up to the top and get everything they needed. Too bad for the 3rd party though, for sure Nansen will have to drop them and replaced by a new company. But as we have said, the damage has been done already. Nansen users and their data has been breach already and this criminals will have to make money out of by sending more phishing links or sell the info to another criminals in the dark market. So this is just a heads-up from Nansen and make sure that they did something on their part to warned everyone that they could be getting emails in the next couple of months and maybe it's a good practice to change email within the Nansen ecosystem.

[JollyGood]

This period, it seems like there is an increase in hacking activities. I don't know if there is anything that hackers have recently discovered, which is that they are helping them access large databases and doing their things without the security team detecting them, and before they could be detected, they had done a lot of damage to the company, either by making away with funds or data that will aid them in doing that in the future.

Nansen have put the blame on the vendor side publicly because that is what probably happened but they also did it to try to reassure customers they did not do anything wrong to facilitate the hack inadvertently. Having said that, the company is not going to shake off the fact they have been hacked.

One thing to consider is that maybe the hackers did not want or expect to retrieve useful data, it is possible they wanted to test how robust the security system was before they move on to bigger targets.

[joniboini]

And if I'm not not mistaken, it was a practice by some crypto exchanges as well. They hired a 3rd party to handle their KYC so that they wouldn't have the burden to do that everytime.

It is unfortunate that things like this become the norm. On the other hand, I guess we can't blame them if the cost of doing everything on their own is too high. It would be cool if stuff like this became transparent, although it doesn't change much how people should approach service like this.

At the very least this should increase awareness that people should always use different passwords for each service that they use. They should also use an open-source password manager instead of a centralized service like LastPass.

[tabas]

I don't use their service so I'm safe even if it's the fault of the third party. But thanks for this OP, like what we're thinking of being safe, we just can't be safe at all times with our credentials through these services that we have been using.

It's not a direct data breached though, it was a  third-party vendors that has been compromised.

Based on the letter, 6.8% of their user's data were affected within 48 hours or so which means that there was a direct impact and breach on them. How many could that be with their entire database as the third-party vendor as said is also used by fortune 500 companies? That's a big breach IMHO and it's just that they're not crypto-related companies. Hopefully those other companies that have been using that third party service are also going to notify their users that they've been affected and give reminder to do something.