OpenSea is a victim of data theft. Emails from leaked users.
The NFT marketplace OpenSea announces that it has been the victim of a new invasion, although this time the target is one of its partners. An employee of its Customer.io email delivery system allegedly uploaded and shared saved email addresses associated with OpenSea accounts and newsletter subscriptions to an unknown third party.
OpenSea data theft victim
Those with an OpenSea account and/or a newsletter subscription should assume that their email address has now been compromised, as outlined in a blog post by Corporate Security Director Corey Hardman. At the time of this writing, it does not appear that the passwords or any other personal information has been stolen.
The company is working with Customer.io to conduct a survey. “Remain vigilant about your email practices and beware of any attempts to imitate OpenSea via email,” writes Corey Hardman in particular.
Unlike the previous OpenSea phishing attack last February, which resulted in the theft of several hundred NFTs, this email address leak appears to have caused no further damage. In any case, the number of people affected by this invasion is very important. Hackread reported that 1.8 million users have made purchases through the Ethereum network on OpenSea, according to Dune Analytics.
Leaked user emails
In recent hours, the company has been sending emails to OpenSea users they believe may be affected, reminding them to be extra vigilant for possible phishing emails and other scams. In addition to the standard advice not to download attachments or follow a link in an email from OpenSea, users should also not sign any wallet transactions directly from the email or confirm their passphrase.
The identity of the third party who received the email addresses is not disclosed. A representative from Customer.io told TechCrunch that the employee behind the attack had “special”access to the OpenSea data he stole. “We do not believe that any other customer data has been compromised, but we are continuing to investigate. The employee in question has had all access revoked and has been suspended pending the completion of our investigation.”