OpenSea Users Beware, Your Email May Have Been Compromised in Recent Breach

OpenSea, the world’s largest non-fungible token (NFT) marketplace, has suffered another data breach, one which compromised the email addresses of its users.

Credit: OpenSea

In a blog post, OpenSea Head of Security Cory Hardman explains that an employee of its email delivery vendor, Customer.io, allegedly misused credentials to download and share the email addresses of the platform’s users and newsletter subscribers to an "unauthorised external party".


OpenSea believes the scale of the breach is widespread. "If you have shared your email with OpenSea in the past, you should assume you were impacted," said the platform, noting that it has already reported the incident to law enforcement and is working with Customer.io on its investigation. The platform has more than 600,000 users, according to its website.


"We believe this resulted from the actions of an employee who had role-specific access privileges that were abused," a Customer.io spokesperson told TechCrunch. "The employee in question has had all access removed and has been suspended pending the conclusion of our investigation."


If you’re an OpenSea user, you should be alert for phishing attacks and other sorts of scams, which are a likelihood after email-related breaches as OpenSea warns. Malicious actors employ phishing attacks to trick you into downloading malware into your system or giving your login credentials to them. They would usually pose as legitimate entities to make their ploy more effective.

Hardman reminds users to follow some of the usual safety recommendations. One of which is to avoid downloading anything from OpenSea emails. He notes that the platform would never put attachments on its emails. Additionally, he urged users to check on the URLs of any pages linked to sent emails. He also said to never share passwords or sign a wallet transaction via email.


In February, there were a number of OpenSea users who suffered what the platform said was a phishing attack. The victims lost some of their most valuable NFTS, with damages reportedly totaling about US$1.7 million.


There has yet to be any reported damage resulting from this recent data breach. The "unauthorised external party" who got hold of the leaked email address is also yet to be named.

 
  • OpenSea, the world’s largest non-fungible token (NFT) marketplace, has suffered another data breach, one which compromised the email addresses of its users.

  • An employee of OpenSea's email delivery vendor, Customer.io, allegedly misused credentials to download and share the email addresses of the platform's users to an "unauthorised external party".

  • There has yet to be any reported damage resulting from this recent data breach, though it is believed that all users who shared their emails to OpenSea are affected.


Side