OpenSea NFT Marketplace Suffers Data Breach Leaking Email IDs of Users: Here What You Need to Know

OpenSea didn’t specify how many users are likely to be impacted by this breach.

OpenSea NFT Marketplace Suffers Data Breach Leaking Email IDs of Users: Here What You Need to Know

Photo Credit: Unsplash/ PiggyBank

Given the OpenSea’s user base, millions of emails could have been compromised

Highlights
  • The breach occurred at OpenSea’s email delivery vendor
  • OpenSea has warned users about potential phishing emails
  • A few OpenSea users have reported that they've received caution emails

OpenSea, the largest non-fungible token (NFT) marketplace by trading volume, has suffered a data breach after an employee at the platform's email delivery partner – Customer.io – leaked user data. In a blog post on Thursday, the marketplace said that an employee of Customer.io "misused their employee access to download and share email addresses – provided by OpenSea users and subscribers to our newsletter – with an unauthorised external party." According to OpenSea, all customers who have shared their email with the platform in the past should assume they have been impacted by the breach.

In a blog post, OpenSea's head of security Cory Hardman said that an employee of Customer.io, OpenSea's email delivery vendor, abused their access by downloading and externally sharing customer data.

"If you have shared your email with OpenSea in the past, you should assume you were impacted," he wrote. "We are working with Customer.io in their ongoing investigation, and we have reported this incident to law enforcement."

The company further warned customers might face phishing attacks — attempts by cybercriminals posing as credible institutions with the aim to obtain sensitive information — by using a domain name similar to the official "opensea.io," such as "opensea.org" or "opensae.io."

Hardman also shared a set of safety recommendations that would help defend against phishing attempts advising them to be suspicious of any emails trying to impersonate OpenSea, not to download and open email attachments, and to check the URLs of pages linked in OpenSea emails.

Users are also urged never to share or confirm their passwords or secret wallet phrases and never to sign wallet transactions if prompted directly via email.

Some customers took to Twitter to share screenshots showing that OpenSea contacted them by email to inform them about the breach.

A similar incident occurred in March, when hackers breached third-party marketing vendor HubSpot to target large crypto stakeholders. NYDIG, Pantera Capital, BlockFi, Circle and Swan Bitcoin were among the affected companies.


Will crypto tax hurt the industry in India? We discuss this on Orbital, the Gadgets 360 podcast. Orbital is available on Spotify, Gaana, JioSaavn, Google Podcasts, Apple Podcasts, Amazon Music and wherever you get your podcasts.
Affiliate links may be automatically generated - see our ethics statement for details.
Comments

For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel.

Shomik Sen Bhattacharjee
Shomik is a senior sub-editor at Gadgets 360. As someone who's screened the consumer tech space for the past four years, he's now shifted focus to the crypto-verse. When not converting currency values in his head, you may find him in an intense five-a-side football match or grinding out the newest Destiny 2 weekly challenge on his Xbox. You can reach him for tips or queries at ShomikB@ndtv.com. More
Facebook, Instagram Users May Soon Cross-Post NFTs as Meta Continues Web3 Expansion
Samsung Gaming Hub With Access to Xbox, Stadia, GeForce Now Debuts on Company's 2022 Smart TVs
Read in: हिंदी
Share on Facebook Tweet Snapchat Share Reddit Comment google-newsGoogle News
© Copyright Red Pixels Ventures Limited 2022. All rights reserved.