- The platform released a blog making the customers aware of the security incident.
- The intruder gained access to an employee’s system and sent false emails to the customers for collecting personal information.
The Sandbox, the decentralized gaming ecosystem, recently disclosed information regarding the intrusion of a third party into the platform, gaining access to the computer of an employee. Through hacking the system, the intruder accessed the customers’ email addresses and sent them emails “falsely claiming to be from The Sandbox.”
Notably, on March 2, The Sandbox released a blog regarding the intrusion of an unauthorized third party that the platform noticed on February 26. The platform issued the “Notice of the Security Incident” with the intention of making the community “understand what happened, what information was involved,” and what the platform would do to safeguard the customers.
Subsequent to the incident, the Chinese reporter Collin Wu shared a Twitter thread mentioning the security issue that The Sandbox witnessed:
In addition, Wu included the details of the malware that would be installed into the receiver’s system upon accessing the link attached to the email titled “The Sandbox Game (PURELAND) Access,” stating:
The email included hyperlinks to malware that may have the ability to remotely install malware on a user’s computer, granting it control over the machine and access to the user’s personal information.
Significantly, after identifying the detrimental condition, The Sandbox contacted the known recipients of the fake emails, “informing them it [email] was unauthorized.” In addition, the customers were warned not to open, play, or download anything from the hyperlinked website.
Additionally, the platform confirmed that it has made the necessary arrangements to block further security issues, stating:
We have blocked the employee’s accounts and access to The Sandbox, reformatted the employee’s laptop, and reset all related passwords including requiring two-factor authentication. We have not identified any further impacts.
Further, The Sandbox reassured that the third party was only able to access an individual computer, which he has done through “a malware application.”