OpenSea reveals email breach, blames employee at third-party vendor


Adam Bannister 30 June 2022 at 13:10 UTC

All users who shared their email address with NFT marketplace told: ‘Assume you were impacted’


OpenSea, the world’s largest non-fungible token (NFT) marketplace, has claimed that a rogue employee at a third-party vendor has shared its users’ email addresses with an unauthorized external entity.

“If you have shared your email with OpenSea in the past, you should assume you were impacted,” users were warned by OpenSea head of security Cory Hardman in a blog post yesterday (June 29).

According to OpenSea, the culprit was employed by Customer.io, an automated messaging platform used by marketers to create and send emails, push notifications, and SMS messages.


“We recently learned that an employee of Customer.io, our email delivery vendor, misused their employee access to download and share email addresses – provided by OpenSea users and subscribers to our newsletter – with an unauthorized external party,” said Hardman.

“We are working with Customer.io in their ongoing investigation, and we have reported this incident to law enforcement.”

Phishing warning

Hardman warned users of “a heightened likelihood for email phishing attempts”, and urged them to “be alert for any attempt to impersonate OpenSea” from email addresses that look “visually similar to our official email domain, ‘opensea.io’ (such as ‘opensea.org’ or some other variation).”

Moreover, continued Hardman, users should always scrutinize embedded hyperlinks before clicking, and never download attachments from emails purporting to be from OpenSea, or share passwords or secret wallet phrases, or sign wallet transactions, when prompted via email.

Over on Twitter, security researcher ‘CIA Officer’ advised users to be vigilant about the use of phishing tool Email Appender, IP-loggers, and canary tokens.

“I strongly recommend checking email header, domain and disable ‘download remote content’, also do not forget about MFA [multi-factor authentication]!” they added.
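The sender-domain check described in the warning above can be automated when triaging reported mail. This is an added example, not code from OpenSea or from the article; the function names, the edit-distance threshold of 2 and the sample headers are assumptions constructed for illustration.

```python
from email.utils import parseaddr

OFFICIAL = "opensea.io"   # official domain named in the article
MAX_DISTANCE = 2          # assumed threshold for "visually similar"

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def sender_domain(from_header):
    """Domain of the address itself; the display name is sender-controlled text."""
    _, addr = parseaddr(from_header)
    return addr.rpartition("@")[2].lower().rstrip(".") if "@" in addr else ""

def classify(from_header, official=OFFICIAL):
    """Return 'official', 'lookalike', 'unrelated' or 'unparseable'."""
    domain = sender_domain(from_header)
    if not domain:
        return "unparseable"
    if domain == official or domain.endswith("." + official):
        return "official"
    brand = official.split(".")[0]
    # Check every label so that opensea.org, opensea.io.example.com and
    # 0pensea.io are all caught without needing a public-suffix list.
    for label in domain.split("."):
        if brand in label or edit_distance(label, brand) <= MAX_DISTANCE:
            return "lookalike"
    return "unrelated"

# Constructed sample From: headers (not taken from real messages)
SAMPLE_HEADERS = [
    "OpenSea <noreply@opensea.io>",
    "OpenSea Support <help@opensea.org>",
    "OpenSea <noreply@0pensea.io>",
    "OpenSea <alerts@opensea.io.example.com>",
    "Alice <alice@example.com>",
]

if __name__ == "__main__":
    for header in SAMPLE_HEADERS:
        print(f"{classify(header):12} {header}")
```

A From domain that classifies as official can still be forged, so the SPF, DKIM and DMARC results recorded in the message headers need checking as well.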

Founded in New York in 2017, OpenSea claims to be the world’s first as well as biggest marketplace focused on NFTs and crypto collectibles.
