Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
According to the official blog, The Sandbox issued a security incident notice on February 26 that an unauthorized third party gained access to the computer of an employee of the team and used its permissions to send a false email claiming to be from The Sandbox . Titled "The Sandbox Game (PURELAND) Access," the email contained hyperlinks to malware that could remotely install malware on a user's computer, granting it control of the computer and access to the user's personal information right. The Sandbox said that after the unauthorized access was discovered, the recipient was notified and the employee's account and access to The Sandbox were disabled, and no further impact has been identified. Attack method (per SlowMist): Phishing Attack. Reported loss: -.
- chain
- —
- protocol
- The Sandbox
- bug_class
- access-control
- date_occurred
- 2023-02-26
- loss_usd
- —
- source_id
- sm:the-sandbox::2023-02-26