The blockchain-based metavers company, the sandbox, warned its users of a security breach using a malicious app.
According to the official blog post, an unauthorized third party managed to gain access to the computer of one of its employees and used the information it found to send an email falsely claiming to be from The Sandbox. His declaration was as follows:
"We blocked the employee's accounts and sandbox access, re-formatted the employee's laptop and reset all associated passwords, including two-factor authentication. No additional impacts have been identified."
Security Breach
The sandbox said the security breach, First identified on the 26th of February, allowed the third party to access multiple e-mail addresses to which it subsequently sent a false corporate message.
The e-mail you're talking about, that was loaded with malicious software links, was titled "le jeu de bac a sable (pureland) acces." this has allowed the operator to remotely install malicious software on a user's computer, enabling the user to control the machine and access the personal information of the user.
The company warned against possible phishing attacks and urged them to avoid clicking on a hyperlink in the phishing email or any other suspicious links to prevent malware from being installed on their computers. It also recommended users strengthen their passwords and implement two-factor authentication,
The Sandbox, however, clarified that the third party’s access was limited to a single employee’s computer, accessed through a malware application. There were no violations of any other service or sandbox account.
To date, all receivers have been notified via email and compromised passwords on the employee's account have been reset. The team is now monitoring the situation and working to improve related safety policies and practices.
Scam attacks creeping in.
The latest development comes days after TREZOR warned its users about an active phishing attack to steal funds by making them enter the wallet’s recovery phrase on a fake website resembling that of the hardware cryptocurrency wallet provider.
Its rival, Ledger, suffered a massive data breach in 2020. The perpetrators publicly disclosed more than 270,000 clients' personal information.