Phishing on the OpenSea

The world’s biggest NFT marketplace warned users of a data breach resulting from a leak involving email addresses Wednesday.

• An employee of Customer.io, an automated messaging platform for marketers, leaked the list of OpenSea customer emails to an external party.
• In a tweet, OpenSea explained that the employee “misused their employee access to download & share email addresses with an unauthorized external party” It’s not clear if the leak was intentional or a result of neglect.
• Affected users included anyone who had given their email address to the OpenSea marketplace or the newsletter.
• The data breach could lead to phishing attempts perpetrated by bad actors looking to lull NFT collectors into unwittingly revealing details or sending funds to spoofed websites and wallets.
• OpenSea announced Wednesday that it has involved law enforcement to begin an investigation into the breach.

Data breaches are never good, but at least informed users now know to keep eyes peeled for any suspicious incoming emails from unrecognised senders. This practice should always be in place. It’s also best practice to keep separate email addresses specifically dedicated for use on exchanges, websites and platforms.

It’s time to review your personal security practices! Learn how here.