Dear TokenMarket Community,
Following a data breach earlier this week, hackers fraudulently disguised themselves as members from the blockchain company EOS and initiated a phishing email attack against TokenMarket newsletter subscribers. TokenMarket has been liaising with its service provider to understand how its subscribers were targeted.
In January 2018 our outsourced mailshot provider Mailgun experienced an incident where a customer API key was compromised. TokenMarket were not contacted directly regarding the matter which subsequently came to light during our investigation.
In the early hours of Thursday 31st May 2018 a TokenMarket API key was used to send a phishing email to TokenMarket recipients. It is likely the API key was compromised in a similar fashion to the earlier event experienced by the provider in January.
TokenMarket immediately disabled all API keys.
TokenMarket received further suspected phishing emails on June 11th 2018 from a different source which suggests that email addresses from the initial incident have been retained.
There is no evidence of a breach of security of TokenMarket infrastructure.
TokenMarket has now taken further precautions to protect against future phishing attacks.
In order to counter phishing emails:
Always check that the ‘SSL’ stamp is present on our TokenMarket website;
TokenMarket will never include external links in its newsletter. Beware of any external links that may be included in future TokenMarket newsletters as they be malicious.
TokenMarket will with immediate effect only send internal news links through its newsletter exclusively linking pages from www.tokenmarket.net
If for any reason external links to websites need to be included for any PR or news items, TokenMarket will provide these links separately on www.tokenmarket.net
If any community members have any further questions or receive any further phishing emails, please contact our Data Protection Officer David Finnecy at email@example.com.
– The TokenMarket Team