OpenSea didn’t specify how many users are likely to be impacted by this breach.
Given the OpenSea’s user base, millions of emails could have been compromised
Photo Credit: Unsplash/ PiggyBank
OpenSea, the largest non-fungible token (NFT) marketplace by trading volume, has suffered a data breach after an employee at the platform's email delivery partner – Customer.io – leaked user data. In a blog post on Thursday, the marketplace said that an employee of Customer.io "misused their employee access to download and share email addresses – provided by OpenSea users and subscribers to our newsletter – with an unauthorised external party." According to OpenSea, all customers who have shared their email with the platform in the past should assume they have been impacted by the breach.
In a blog post, OpenSea's head of security Cory Hardman said that an employee of Customer.io, OpenSea's email delivery vendor, abused their access by downloading and externally sharing customer data.
"If you have shared your email with OpenSea in the past, you should assume you were impacted," he wrote. "We are working with Customer.io in their ongoing investigation, and we have reported this incident to law enforcement."
The company further warned customers might face phishing attacks — attempts by cybercriminals posing as credible institutions with the aim to obtain sensitive information — by using a domain name similar to the official "opensea.io," such as "opensea.org" or "opensae.io."
Hardman also shared a set of safety recommendations that would help defend against phishing attempts advising them to be suspicious of any emails trying to impersonate OpenSea, not to download and open email attachments, and to check the URLs of pages linked in OpenSea emails.
Users are also urged never to share or confirm their passwords or secret wallet phrases and never to sign wallet transactions if prompted directly via email.
Some customers took to Twitter to share screenshots showing that OpenSea contacted them by email to inform them about the breach.
A similar incident occurred in March, when hackers breached third-party marketing vendor HubSpot to target large crypto stakeholders. NYDIG, Pantera Capital, BlockFi, Circle and Swan Bitcoin were among the affected companies.
Get your daily dose of tech news, reviews, and insights, in under 80 characters on Gadgets 360 Turbo. Connect with fellow tech lovers on our Forum. Follow us on X, Facebook, WhatsApp, Threads and Google News for instant updates. Catch all the action on our YouTube channel.