The Sandbox blockchain game notifies its users to be wary of fraudulent emails that impersonate their game. Based on reports, the blockchain entity experienced a data breach incident that allowed the hackers to distribute emails that contained a malicious link with malware.
Sandbox is a blockchain open-world multiplayer video game played by more than 350,000 users monthly. The game allows players to build, own, and monetise interactive content like items, virtual worlds, and experiences.
This multiple-player game allows users to generate different profit methods, like earning their native “SAND” toke that could be traded on Coinbase and Binance. Gamers could also create pixel art NFTs to sell on the Sandbox NFT marketplace.
The threat actors gained initial access to Sandbox blockchain by hacking an employee.
According to investigations last month, the adversaries hacked a staff in Sandbox blockchain to acquire access to multiple email addresses owned by the company.
Subsequently, the hackers exploited the access to disseminate emails to numerous users. The threat actors impersonate the gaming platform and distribute malicious links that host malware.
Fortunately, a Sandbox representative clarified that the attackers had only obtained limited access to the impacted employee’s device. Hence, the threat actors did not gain access to any other accounts or services within the company.
However, the impact of this recent cybercriminal operation could be felt by users if they have accessed the links in the emails sent by the hackers that impersonated the Sandbox.
The Sandbox security team quickly addressed the situation and identified the recipients of the malicious emails distributed by the hackers. The company stated that they have already deployed the follow-up emails to those who received the malware-laden emails.
Moreover, the company explained in their follow-up emails that the users should not download or access anything from the website offered by the malicious emails.
The Sandbox blockchain gaming company blocked the compromised account from its network. Lastly, the firm’s security team reset all the employee passwords, and they have now adopted a two-factor authentication tool for all the accounts.
