OpenSea, the world’s largest non-fungible token (NFT) marketplace, has disclosed that it has suffered a data breach, and the email addresses of its users could become subject to phishing attacks.
Emails Stolen in OpenSea Data Breach
On Wednesday, June 28, OpenSea flagged a data breach through its email vendor Customer.io. The NFT marketplace reported that “email addresses provided to OpenSea by users or newsletter subscribers were impacted.”
According to OpenSea, a staff member at Customer.io, an email vendor contracted by OpenSea, misused their employee access to download and share the email addresses of OpenSea’s users and newsletter subscribers.
OpenSea Warns About Possible Phishing Attacks
With OpenSea unsure of the scale of the data breach, they have warned people who had shared their email addresses with OpenSea in the past to assume that they were impacted.
OpenSea adds that the impacted email address could receive emails from the domain ‘opensea.io.’ OpenSea warns that mail from this domain is from malicious actors who may use this information to impersonate OpenSea in email phishing attempts.
On the Flipside
- On Twitter, users of OpenSea are complaining of a rise in spam emails, calls, and text messages.
- OpenSea says it has opened an investigation into the matter and has reported the data breach to law enforcement.
Why You Should Care
OpenSea will only send emails from the domain “http://opensea.io.” As such, users should delete emails from opensea.io, opensea.org, and opensea.xyz, among others.
Read about other recent OpenSea breaches below:
On the upside, OpenSea has made the following updates: