On June 6, we identified an error that resulted in the temporary exposure of some customer email addresses to an online text storage site used primarily by developers. The only impacted email addresses were those used by customers to automatically receive notifications from their workspaces. The upload was immediately detected by Fireblocks’ security team, and the affected email addresses were removed from the site.
The potentially impacted customers were notified of the exposure and advised to consider taking additional security measures as a precaution. We have no reason to believe that the emails were viewed by any third party and no indication to date that any customers have been adversely impacted.
Nonetheless, even the temporary exposure of email addresses to a public website may increase the risk of social engineering. Our goal is to be as transparent as possible regarding the nature of this incident as well as its potential impact so that affected customers have every opportunity to take additional precautions. In addition to this posting, Fireblocks has already informed all potentially affected customers of this incident directly.