OpenSea data breach causes massive leak of users’ email addresses

OpenSea, the world’s largest nonfungible token (NFT) marketplace, has issued a warning to customers after it was discovered that an employee of Customer.io, a platform for managing email newsletters and campaigns, leaked the list of OpenSea customers’ email addresses to an outside party.

The breach affects every user who has given an email address to the marketplace, whether for the platform itself or for its newsletter. Following the breach, OpenSea warned customers to be alert to potential phishing attempts.

The NFT marketplace announced on Thursday that it has contacted law enforcement officials about the breach and that an investigation is in progress.

An employee of our email vendor, https://t.co/6vM4WAcJal, misused their employee access to download & share email addresses with an unauthorized external party.

Email addresses provided to OpenSea by users or newsletter subscribers were impacted. https://t.co/Osb6qqkqZZ

— OpenSea (@opensea) June 30, 2022

The most recent data breach is far from the first major attack on OpenSea and its users this year. In May, the popular NFT marketplace’s Discord server was hacked, leading to a deluge of phishing attacks. In that incident, numerous user wallets were exploited. In January, the platform was subjected to one of its most severe attacks yet, in which an exploit allowed attackers to sell NFTs without permission. The marketplace reimbursed $1.8 million in losses.

My info was breached thanks to OpenSea and Customer io Lord Jeebus help me. I was wondering why I had so many spammy texts, phone calls, and emails lately.

— Metzilmazatl (Moon Deer) (@TheAscendant3) June 30, 2022

In March, HubSpot, a service comparable to Customer.io, was hacked, exposing the usernames, phone numbers and emails of customers of BlockFi, Swan Bitcoin, NYDIG and Circle. Customers of these platforms had their names, phone numbers, and email addresses released to an unknown party.

OpenSea warned that hackers may attempt to contact OpenSea customers through emails from domains that appear similar to OpenSea.io or OpenSea.xyz. Users on Twitter have reported an increase in spam emails, phone calls, and text messages.