OpenSea, the world’s largest non-fungible token (NFT) marketplace, has disclosed that it has suffered a data breach, and the email addresses of its users could become subject to phishing attacks.
On Wednesday, June 28, OpenSea flagged a data breach through its email vendor Customer.io. The NFT marketplace reported that “email addresses provided to OpenSea by users or newsletter subscribers were impacted.”
According to OpenSea, a staff member at Customer.io, an email vendor contracted by OpenSea, misused their employee access to download and share the email addresses of OpenSea’s users and newsletter subscribers.
OpenSea Warns About Possible Phishing Attacks
With OpenSea unsure of the scale of the data breach, they have warned people who had shared their email addresses with OpenSea in the past to assume that they were impacted.
OpenSea adds that the impacted email address could receive emails from the domain ‘opensea.io.’ OpenSea warns that mail from this domain is from malicious actors who may use this information to impersonate OpenSea in email phishing attempts.
Why You Should Care
OpenSea will only send emails from the domain “http://opensea.io.” As such, users should delete emails from opensea.io, opensea.org, and opensea.xyz, among others.
