Key Takeaways
- OpenSea faced a data breach on Wednesday, which involved Customer.io employee downloading email addresses belonging to OpenSea users.
- OpenSea has warned users to avoid emails that impersonate its opensea.io domain and not to download anything from an Opensea email.
Leading Marketplace for NFT’s OpenSea has warned its users to be on the alert for email phishing attacks following a massive data leak.The online NFT Marketplace disclosed the data breach on Wednesday.
According to OpenSea’s Head of Security, Cory Hardman, an employee of customer.io, the firm’s email delivery vendor, downloaded email addresses of OpenSea users and newsletter subscribers. The stolen email addressed in the incident were later shared with an unauthorized external party.
“If you have shared your email with OpenSea in the past, you should assume you were impacted. We are working with Customer.io in their ongoing investigation, and we have reported this incident to law enforcement,” Hardman said. Hardman further added that since data compromise included email addresses, there exists a “heightened likelihood for email phishing attempts.”
In a message sent to those impacted, the NFT marketplace urged users to be “extra cautious” about email safety. The firm further warned users to avoid emails that impersonate its opensea.io domain and not to download anything from an Opensea email, as well as avoid opening any emails or files from strangers. Under safety recommendations, the firm urged users not to confirm/share their passwords or secret wallet phrases and also never to sign wallet transactions if prompted directly via email.
This is not the first time OpenSea has been a target of phishing attacks. Earlier, the online NFT Marketplace has been targeted by threat actors impersonating fake support staff and by a phishing attack that left over a dozen users without hundreds of NFTs worth roughly $2 million.
In February, an estimated $1.7m worth of NFTs were stolen from OpenSea in an apparent phishing attack, while in May, OpenSea’s official Discord server was hacked. In Mid-2021, OpenSea also closed a bug that could let attackers empty and access OpenSea account owners’ cryptocurrency wallets by luring the users to click on malicious NFT art.