Third-party code, Breach

Nansen impacted by third-party breach

BleepingComputer reports that Ethereum blockchain analytics firm Nansen has disclosed that its third-party authentication provider was impacted by a data breach, which resulted in the compromise of data from 6.8% of its user base over a 48-hour period. Infiltrating the vendor enabled attackers to access an admin panel involved in Nansen customer access, resulting in the exposure of users' email addresses, as well as password hashes and blockchain addresses for a smaller portion of users, according to Nansen. Immediate password resets for impacted individuals have been urged by Nansen, which noted that brute-force attacks could be launched by threat actors to pry encrypted passwords. While no wallet funds were affected by the third-party breach, users should be vigilant against phishing attempts, said Nansen CEO Alex Svanevik in the company's data breach notice. "We are working closely with the vendor, our external legal advisors, and cybersecurity experts to conduct a full investigation," said Svanevik.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.