DO NOT CLICK ANY LINKS FROM THE PREVIOUS EMAIL !!!
tl;dr â The email platform we use to send you these newsletters suffered a cyber security incident today. We urge extra diligence in reviewing emails at this address.
We regret to inform you that malicious actors were able to access the internal systems of the third-party email distribution service we use by targeting its employees and exploiting their internal administrative tools. According to the notice we received from that service today, the focus of the hackers was exclusively on cryptocurrency-related accountsâincluding ours.
For Decrypt, the perpetrators could only access email addresses, and we do not store or cross-reference any other information in this system. While this is a very limited data set, it can unfortunately be used to target people who are interested in cryptocurrency (or other topics that we cover) in phishing attacks.
Although other affected publishersâ accounts were used to send out phishing attacks, as of this notice, our account was not used in this way. It also does not appear our subscriber list was exported, and according to the service, the hacker or hackers did not access any other resources.
As you probably know, crypto scams are both pervasive and increasingly sophisticated. Decrypt, along with nearly every other Web3 firm, has been impersonated or otherwise used as an attack vector. Hackers have gone as far as to set up entirely separate websites, fake Discord servers, and social media accounts impersonating our staff.
Please be careful out there. And thank you for reading Decrypt.
Our email service says it has reset affected user passwords, resolved the security issue, and halted the attack. In addition to 24-hour monitoring in “the coming days,” they will make changes to their internal processes and focus on better security training. They will also report the incident as data controller of its EU clientsâ personal data to the appropriate authorities.
For more information, please contact our designated data protection officer at dpo@decryptmedia.com.
This email serves as “communication of a personal data breach to the data subject” according to Article 34 of the GDPR.
Follow Decrypt on Social Media
Enjoying our emails? Forward this to a friend! They can subscribe here.