The popular NFT marketplace OpenSea has recently disclosed a data breach affecting its users and subscribers. The service warns everyone to be wary of potential phishing attempts exploiting OpenSea’s name.
OpenSea Data Breach
According to a recent blog post, OpenSea has suffered a data breach due to third-party interference.
As revealed, the breach happened as one of the employees from their email delivery vendor, Customer.io, unauthorizedly downloaded OpenSea’s email data and shared it with a third party.
We recently learned that an employee of Customer.io, our email delivery vendor, misused their employee access to download and share email addresses – provided by OpenSea users and subscribers to our newsletter – with an unauthorized external party.
Regarding the extent of the incident’s impact on the customers, OpenSea explains that anyone who signed up or shared the email address with OpenSea should assume the impact.
Users Stay Wary Of Phishing
The firm has confirmed investigating the matter with Customer.io, besides reporting it to the law enforcement authorities.
Nonetheless, they warn the users to watch out for email security at their end. Since the breach involves email addresses, the firm asks the users to stay wary of possible crypto phishing attacks.
Because the data compromise included email addresses, there may be a heightened likelihood for email phishing attempts.
Specifically, users must not trust emails from domains similar to “opensea.io” or impersonating the firm’s branding styles. The firm also asks the users not to fall for any links or emails with misspelled names or domains like “opensea.org” or “opensea.xyz” etc.
In addition, they also assure that no official emails from OpenSea include attachments or links other than “email.opensea.io”. Plus, they warned users to avoid sharing passwords, wallet phrases, or making transactions prompted via emails.
For now, they have shared no further details but assured continued investigations with law enforcement.