OpenSea, one of the world’s biggest NFT marketplaces, has flagged a data breach by its email vendor Customer.io. According to OpenSea, an employee of Customer.io misused their employee access to obtain and share buyer email addresses with an exterior occasion. The employee has downloaded and shared the email addresses with an unauthorized external party.
According to an OpenSea announcement, anyone who has shared their email addresses with the NFT marketplace – be it for the platform or even for their newsletter – may get impacted by the breach. The popular NFT marketplace has launched an investigation into the breach and is now involved with legislation enforcement officers over the breach, it said in a blog post. It is also assisting Customer.io with its own internal investigation.
OpenSea, the world’s biggest NFT marketplace by daily trading volumes, has warned all users to stay vigilant and be alert for any phishing attempts to impersonate OpenSea via email. According to the blog post, there may be a heightened likelihood for email phishing attempts since the data breach included email addresses.
It urged users to be aware that malicious actors may try to contact them using an email address that may look very similar to OpenSea’s official domain name. Among the steps that OpenSea urged its users to implement are never to download anything from an OpenSea email as authentic OpenSea emails do not contain any attachments or requests to download anything.
The other steps suggested by OpenSea are checking the name and spellings of the URL of any page linked in an OpenSea email, never share or confirm passwords or secret wallet phrases and never sign a wallet transaction prompted directly from an email.
There are already posts on social media platforms by OpenSea users who are lamenting about an uptick already in spam emails, calls and text messages. While some users also complained of their NFT being stolen and sought compensation, there were no confirmation yet of any NFT theft incident arising from the latest data breach. Meanwhile, OpenSea has also contacted customers by email to inform them about the data breach.
One crypto whistleblower asked on Twitter whether the third party only got access to the email addresses or also to the corresponding blockchain addresses of the users too. An OpenSea employee responded by informing that Customer.io did not have access to any wallet addresses.
The latest breach of information follows a recent one where the NFT marketplace’s Discord server was compromised and flooded with phishing assaults. A number of consumer wallets have been drained within the assault. In February, OpenSea was a victim of a significant hack when hackers stole hundreds of NFT from users of the marketplace.
Due to the high frequency of data leaks, email newsletter management platforms and customer relationship management (CRM) software appear to be a weak point for cryptocurrency firms. Earlier this year, BlockFi, Swan Bitcoin, NYDIG and Circle were impacted by a compromise of Hubspot, a software similar to Customer.io. Names, phone numbers and email addresses of users were disclosed to a third party as part of that data leak.