OpenSea Suffered Data Breach, Exposed Users’ Email Addresses

The popular NFT marketplace OpenSea has recently disclosed a data breach affecting its users and subscribers. The service warns everyone to be wary of potential phishing attempts exploiting OpenSea’s name.

OpenSea Data Breach

According to a recent blog post, OpenSea has suffered a data breach due to third-party interference.

As revealed, the breach happened as one of the employees from their email delivery vendor, Customer.io, unauthorizedly downloaded OpenSea’s email data and shared it with a third party.

We recently learned that an employee of Customer.io, our email delivery vendor, misused their employee access to download and share email addresses – provided by OpenSea users and subscribers to our newsletter – with an unauthorized external party.

Regarding the extent of the incident’s impact on the customers, OpenSea explains that anyone who signed up or shared the email address with OpenSea should assume the impact.

Users Stay Wary Of Phishing

The firm has confirmed investigating the matter with Customer.io, besides reporting it to the law enforcement authorities.

Nonetheless, they warn the users to watch out for email security at their end. Since the breach involves email addresses, the firm asks the users to stay wary of possible crypto phishing attacks.

Because the data compromise included email addresses, there may be a heightened likelihood for email phishing attempts.

Specifically, users must not trust emails from domains similar to “opensea.io” or impersonating the firm’s branding styles. The firm also asks the users not to fall for any links or emails with misspelled names or domains like “opensea.org” or “opensea.xyz” etc.

In addition, they also assure that no official emails from OpenSea include attachments or links other than “email.opensea.io”. Plus, they warned users to avoid sharing passwords, wallet phrases, or making transactions prompted via emails.

For now, they have shared no further details but assured continued investigations with law enforcement.

Related posts

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

C2A Security’s EVSec Risk Management and Automation Platform Gains Traction in Automotive Industry as Companies Seek to Efficiently Meet Regulatory Requirements

ZenHammer Memory Attack Exploits Rowhammer Against AMD CPUs