Nansen Security Alert: Protecting Our Users
Nansen, an on-chain analytics platform, has issued a precautionary security advisory to its users following a security breach that originated at a third-party vendor.
The compromise, which unfolded in recent days, allowed attackers to obtain password hashes belonging to Nansen users and prompted an immediate investigation.
Security Breach Alert: Nansen Users' Password Hashes at Risk
On the 20th of September, Nansen's security team was alerted to a breach at one of its third-party vendors. The breach gave an unauthorized party access to an account used to oversee customer access to the Nansen platform.
Nansen has publicly described the vendor as one that serves numerous Fortune 500 corporations and other influential players in the crypto industry. Nansen has also advised the vendor to disclose the breach so that other potential victims are informed.
Important update from us at Nansen. Please take a moment to read this. pic.twitter.com/syKE0sNnC6 (Nansen, @nansen_ai, September 22, 2023)
Initial findings from the investigation over the past 48 hours indicate that approximately 6.8% of Nansen's user base was affected by the breach. These users had their email addresses exposed, and a subset also had their password hashes and blockchain addresses exposed.
Immediate Measures Taken by Nansen Post Security Breach
Following the incident, Nansen has emailed the affected users. The emails explain the extent of each user's exposure and recommend a course of action: resetting their passwords.
Users are urged to reset their passwords as a precaution, given the risk of unauthorized access arising from the compromised email addresses and password hashes.
The company also emphasizes its commitment to safeguarding users' funds held in their wallets. Nansen never asks users for their private keys. Users are nonetheless advised to stay alert to phishing attempts and to verify the authenticity of any communication claiming to come from Nansen.
Nansen's CEO, Alex Svanevik, underscored the organization's commitment to transparency and effective user communication. He said, "We wholeheartedly empathize with the concerns of our valued users who have been impacted by this unfortunate incident. Safeguarding the sanctity of customer data remains an absolute priority for us, and in this spirit, we are diligently collaborating with the third-party vendor, engaging the services of external legal advisors, and consulting with cybersecurity experts to conduct a thorough and exhaustive investigation."