Nansen Discloses Third-Party Vendor Security Breach

Nansen has confirmed that an attacker managed to gain access to its user information through a third-party vendor.

The blockchain analytics platform warned users that phishing attacks may be coming.

Nansen Security Breach – what happened?

Nansen reported that one of its third-party vendors had its systems compromised on Wednesday.

The attacker managed to gain admin rights to an account from which the vendor provisioned access to the platform.

The breach gave the threat actor access to user information including:

• Email addresses
• Password hashes
• Blockchain addresses

According to the company’s preliminary investigations, the breach impacted 6.8% of users.

However, Nansen said most victims only had their email addresses stolen. Hackers only gained access to smaller groups’ password hashes and blockchain addresses.

Nansen has since reached out to the affected users. The company asked them to change their passwords and do the same on other platforms where they use the same credentials.

In addition, it advised them to be wary of potential phishing attacks and double-check emails claiming to be coming from Nansen.

Some users have already confirmed on Twitter that they’ve got their email alerts.

The crypto analytics company didn’t reveal which of its vendors experienced the breach. It only said it’s a reputable organization that many Fortune 500 businesses rely on to manage their customer data.

Nansen has, however, asked the third-party vendor to disclose the breach.

Last week, Fortress Trust confirmed experiencing a similar incident after one of its third-party vendors suffered a phishing attack.

It also said the vendor works with many Fortune 500 businesses. Retool was later named as the company that had its systems broken into.

Fortress Trust also confirmed it lost up to $15 million (mostly in Bitcoin) in the attack.

The breach happened just before Ripple took over the company, accelerating the acquisition process.