If you have provided the NFT marketplace OpenSea with your email address, you might expect to start receiving some phishing emails in the near future. On Wednesday, OpenSea made the announcement that a staff of its email delivery partner Customer.io had misappropriated employee access in order to exchange email details with an “unauthorized third party.” These are the e-mail addresses that users of OpenSea and those who subscribe to the firm’s periodical have provided to OpenSea.
In a blog entry, the firm said that it has informed law authorities about the event and is cooperating with Customer.io during their current scrutiny. Additionally, the company stated that it has submitted a complaint.
This isn’t as bad as some previous data breaches since just user email addresses were compromised, despite the fact that your email delivery company has the primary responsibility of ensuring that user addresses aren’t leaked to third parties. However, due to the nature of cryptocurrency, it is very probable that almost all OpenSea users will start getting phishing emails. The purpose of these emails is to imitate OpenSea in order to convince users to download malicious software or give over their personal bitcoin key.
In a recent blog article, OpenSea is making preparations its users for the potential that they will encounter phishing addresses by providing some advice on the different kinds of phishing addresses they may encounter as well as a collection of safety measures they should take. These safety measures include only believing emails that are arriving from the url “opensea.io,” never trying to download any files in an OpenSea email, and never communicating passwords or secret wallet buzzwords with anybody. Users should also exercise caution when clicking on any URLs that are included in an OpenSea email, and they should under never circumstances sign wallet activities that are requested straight from an email.
This is not even close to being OpenSea’s first-ever security problem in its entire existence. In January, hackers took advantage of a weakness in order to sell other users’ NFTs and pocket the earnings for themselves; in May, the OpenSea Discord server was breached. In addition, let us not overlook that in June, an employee of OpenSea was detained for engaging in insider trading.