NFT marketplace OpenSea announces that it has been the victim of a new intrusion, although this time the target is one of its partners. An employee of its email delivery system, Customer.io, allegedly downloaded and shared stored email addresses associated with OpenSea accounts and newsletter subscriptions with an unknown third party.
OpenSea victim of data theft
Those who have an OpenSea account and/or subscribe to the newsletter should assume that their email address is now compromised, as indicated in a blog post by corporate security director Cory Hardman. As of this writing, it does not appear that passwords or any other personal information has been stolen.
The company is working with Customer.io to conduct the survey. “Remain vigilant about your practices via email, and beware of any attempt to imitate OpenSea via email”, writes Cory Hardman in particular.
Unlike a previous phishing attack on OpenSea last February that resulted in several hundred NFTs being stolen, there appears to be no additional damage from this email address leak. Anyway, the number of people affected by this intrusion is very important. Hackread reported that 1.8 million users made purchases through the Ethereum network on OpenSea, according to data from Dune Analytics.
The emails of its leaked users
In recent hours, the company has sent emails to OpenSea users they believe may be impacted, reminding them to be particularly vigilant against possible phishing emails and other scams. Besides the standard advice not to download attachments or click on a link in an email from OpenSea, users should also not sign any wallet transaction directly from an email or confirm their passphrase.
The identity of the third party who received the email addresses has not been disclosed. A Customer.io representative told TechCrunch that the employee behind this attack had “specific” access to the OpenSea data he stole. “We do not believe that any other customers’ data has been compromised, but we are continuing to investigate. The employee in question has had all access revoked and is suspended pending the conclusion of our investigation.”