Nansen, a prominent player in the cryptocurrency sector known for providing Ethereum blockchain analytics, has initiated a password reset for a subset of its users in response to a recent security breach involving one of its third-party vendors. The breach occurred when an attacker gained unauthorized access to an admin panel controlling customer access on Nansen’s analytics platform.
Although Nansen swiftly halted the malicious activity following notification from the vendor, a subsequent investigation confirmed that user data had been compromised. Preliminary findings indicate that 6.8% of Nansen’s users had their email addresses exposed, with a smaller portion having password hashes and blockchain addresses exposed as well.
Furthermore, to address the breach’s potential risks, Nansen has encouraged all impacted users to reset their passwords, emphasizing that even though the passwords were encrypted, the threat of brute-forcing remains plausible.
The company also underscores the increased phishing threat facing individuals whose details were exposed, as threat actors armed with knowledge of digital asset ownership and email addresses could target them more effectively.
Additionally, while Nansen has taken steps to notify impacted users via email notifications and initiate password resets, they stress that the investigation is ongoing, and the scope of the breach’s impact may be subject to revision. Consequently, they advise all Nansen users, whether notified or not, to reset their passwords as a precautionary measure against potential security threats.