Home
Cryptocurrency
Cryptocurrency News
OpenSea NFT Marketplace Suffers Data Breach Leaking Email IDs of Users: Here What You Need to Know

OpenSea NFT Marketplace Suffers Data Breach Leaking Email IDs of Users: Here What You Need to Know

OpenSea didn’t specify how many users are likely to be impacted by this breach.

By Shomik Sen Bhattacharjee | Updated: 1 July 2022 15:25 IST

OpenSea NFT Marketplace Suffers Data Breach Leaking Email IDs of Users: Here What You Need to Know

Photo Credit: Unsplash/ PiggyBank

Given the OpenSea’s user base, millions of emails could have been compromised

Click Here to Add Gadgets360 As A Trusted Source

Highlights

The breach occurred at OpenSea’s email delivery vendor
OpenSea has warned users about potential phishing emails
A few OpenSea users have reported that they've received caution emails

OpenSea, the largest non-fungible token (NFT) marketplace by trading volume, has suffered a data breach after an employee at the platform's email delivery partner – Customer.io – leaked user data. In a blog post on Thursday, the marketplace said that an employee of Customer.io "misused their employee access to download and share email addresses – provided by OpenSea users and subscribers to our newsletter – with an unauthorised external party." According to OpenSea, all customers who have shared their email with the platform in the past should assume they have been impacted by the breach.

In a blog post, OpenSea's head of security Cory Hardman said that an employee of Customer.io, OpenSea's email delivery vendor, abused their access by downloading and externally sharing customer data.

If we believe your email address was impacted, you'll receive an email from the domain 'https://t.co/3qvMZjxmDB.'

Please stay cautious. Malicious actors may use this information to impersonate OpenSea in email phishing attempts.

A few important email safety recommendations:
— OpenSea (@opensea) June 30, 2022

"If you have shared your email with OpenSea in the past, you should assume you were impacted," he wrote. "We are working with Customer.io in their ongoing investigation, and we have reported this incident to law enforcement."

The company further warned customers might face phishing attacks — attempts by cybercriminals posing as credible institutions with the aim to obtain sensitive information — by using a domain name similar to the official "opensea.io," such as "opensea.org" or "opensae.io."

Binance Ropes-In Instagram, TikTok Star Khaby Lame as Brand Ambassador

Hardman also shared a set of safety recommendations that would help defend against phishing attempts advising them to be suspicious of any emails trying to impersonate OpenSea, not to download and open email attachments, and to check the URLs of pages linked in OpenSea emails.

Users are also urged never to share or confirm their passwords or secret wallet phrases and never to sign wallet transactions if prompted directly via email.

Some customers took to Twitter to share screenshots showing that OpenSea contacted them by email to inform them about the breach.

Meta to Enable NFT Cross-Posting on Facebook, Instagram Apps

OpenSea data breach. pic.twitter.com/FEtDKsoHje
— eric.eth (@econoar) June 30, 2022

A similar incident occurred in March, when hackers breached third-party marketing vendor HubSpot to target large crypto stakeholders. NYDIG, Pantera Capital, BlockFi, Circle and Swan Bitcoin were among the affected companies.

Will crypto tax hurt the industry in India? We discuss this on Orbital, the Gadgets 360 podcast. Orbital is available on Spotify, Gaana, JioSaavn, Google Podcasts, Apple Podcasts, Amazon Music and wherever you get your podcasts.

Affiliate links may be automatically generated - see our ethics statement for details.

Comments

Get your daily dose of tech news, reviews, and insights, in under 80 characters on Gadgets 360 Turbo. Connect with fellow tech lovers on our Forum. Follow us on X, Facebook, WhatsApp, Threads and Google News for instant updates. Catch all the action on our YouTube channel.