In a recent development, Nansen, the renowned on-chain analytic platform, has issued an urgent security update to its user base. The company reported a security incident involving one of its third-party vendors, which has raised concerns regarding the safety and privacy of user data. Nansen CEO Alex Svanevik released an official statement addressing the incident and its aftermath.
Notification and Immediate Response
On September 20, Nansen received notification from one of its third-party vendors regarding a severe security breach within their systems. This breach allowed an unauthorized individual to gain access to admin rights for an account used in provisioning customer access to the Nansen platform. The company swiftly responded to this alarming news, taking immediate action to halt the unauthorized access.
Simultaneously, a comprehensive investigation was initiated to determine the extent and implications of the breach. As per Nansen, the third-party vendor in question is a well-established firm, utilized by numerous Fortune 500 companies and other entities within the industry to manage customer data. Nansen has called upon the vendor to publicly disclose the breach to ensure that others who may have been affected are made aware of the situation.
Impact on Users
Based on preliminary investigations conducted over the past 48 hours, it has been determined that approximately 6.8% of Nansen’s user base has been impacted by this breach. These affected users have had their email addresses exposed as a result of the incident. A smaller subset of affected users also had their password hashes exposed, while an even smaller group had their blockchain addresses revealed.
Nansen has proactively informed affected users via email regarding the specific impact on their accounts. As a security precaution, Nansen issued emails to affected users from [email protected] between 5 pm – 9 pm UTC on September 21, urging them to reset their passwords. Nansen said that all known affected users should have received this email communication. For users who may have missed the email, a manual password reset option is available at pro.nansen.ai/reset.
User Guidelines and Precautions
For those affected by this incident, it is strongly recommended by Nansen to change their passwords immediately. Nansen emphasizes that user passwords are not stored in plaintext. However, malicious actors may attempt brute-force attacks on accounts using compromised email addresses and passwords. It is crucial to remain vigilant and cautious about potential phishing attempts. Verify the sender of any communication claiming to be from Nansen.
Nansen also reassures its users that their wallet funds remain unaffected, as the company never requests private keys from its users. Nansen has expressed its understanding of the concerns raised by affected users and reaffirmed its commitment to safeguarding customer data. The company is working closely with the implicated vendor, external legal advisors, and cybersecurity experts to conduct a thorough and comprehensive investigation into the incident.
Nansen said that it is dedicated to acting swiftly and transparently in addressing the situation and keeping its user base informed. In addition, Nansen CEO Alex Svanevik extended gratitude to users for their understanding and support during this challenging time. The company remains resolute in its mission to uphold the highest standards of data security and privacy for its valued customers.
