Blockchain-based metaverse company – The Sandbox – warned its users about a security breach through a malware application
The Sandbox Suffers Security Breach
According to an official blog post, an unauthorized third party accessed one of the employee’s computers and used information they found to send an email pretending to be from The Sandbox. Here is his statement:
“We have blocked the employee’s accounts and access to The Sandbox, reformatted the employee’s laptop, and reset all related passwords including requiring two-factor authentication. We have not identified any further impacts.”
The Sandboх informed that the security breach, which was first identified on February 26, allowed the third party to access several email addresses to which it then sent a message falsely claiming to be from the company.
The email in question, which contained an embedded malware hyperlink, was titled “The Sandboх Game (PURELAND) Access.” This allowed an exploiter to remotely install malware on a user’s computer, take control of the computer, and gain access to the user’s personal information.
The company warned of possible phishing attacks and urged users not to click on hyperlinks or other suspicious links in phishing emails to prevent malware from being installed on their computers. It also also encouraged users to strengthen their passwords and implement two-factor authentication.
According to The Sandboх, the third party’s access was limited to a single employee’s computer, accessed through a malware application. No other services or accounts of The Sandbox were breached.
Previously, all recipients were notified by email and passwords for compromised employee accounts were reset. The team is currently monitoring the situation and working to improve related security policies and practices.
The latest development comes just days after Trezor warned users of an active phishing campaign to steal funds by tricking users into entering their wallet recovery phrases on a fake website. Its rival, Ledger, suffered a massive data breach in 2020. Perpetrators publicly leaked the personal data of over 270,000 customers.
Check out more of our latest news here