- OpenSea says that it has suffered a data breach.
- “An employee of our email vendor, Customer.io, misused their employee access,” states the NFT platform.
- The marketplace warns users about opening files or signing in from suspicious emails.
OpenSea has just announced that the NFT platform has been a victim of a data breach. Through a blogpost and its official Twitter account, the NFT marketplace states an investigation is ongoing and that they’ve reported the incident to law enforcement.
Addressing the data leak, OpenSea has admitted that an employee of its email vendor, Customer.io, misused their employee access to download and share email addresses with an unauthorized external party.
“Email addresses provided to OpenSea by users or newsletter subscribers were impacted,” explained the team.
An employee of our email vendor, https://t.co/6vM4WAcJal, misused their employee access to download & share email addresses with an unauthorized external party.
Email addresses provided to OpenSea by users or newsletter subscribers were impacted.https://t.co/Osb6qqkqZZ
— OpenSea (@opensea) June 30, 2022
Furthermore, OpenSea informs its users that if their email address was impacted, they would be receiving an email from the domain ‘opensea.io’. They have asked investors to stay cautious of potentially harmful emails. “Malicious actors may use this information to impersonate OpenSea in email phishing attempts.”
Concerned about impending attacks, OpenSea goes on to add that they will only send emails from the domain ‘http://opensea.io.’ Users must stay aware of attempts to impersonate OpenSea through slight variations of its domain name, which may include but are not limited to addresses such as opensae.io, opensea.org, and opensea.xyz.
The firm also cautions its users from downloading any file from an OpenSea email. They have asked everyone to check the URL of any page linked in an OpenSea email. “We will only include hyperlinks to ‘http://email.opensea.io.’ URLs,” reads one of the posts in the Twitter thread.
OpenSea also warns users about sharing their seed phrase with anyone. “We’ll never ask for it,” states the platform. Other warnings include concerns about signing wallet transactions from emails and interacting with emails and files sent from strangers.
As data breaches become dangerously common, crypto firms are ramping up safety protocols. OpenSea’s experience, among many others, might serve as a blueprint for future data protection standards.