OpenSea Data Breach; Customer Emails Stolen by Third Party

OpenSea, one of the largest NFT marketplaces, has said that it has suffered a data breach. Per the platform’s statement, an employee of Customer.io leaked a list of OpenSea customers’ email addresses to an outside party. Customer.io is a platform for managing emails, newsletters, and campaigns.

JUST IN: OpenSea says the company has suffered a data breach.

— Watcher.Guru (@WatcherGuru) June 30, 2022

The marketplace has published a press release to warn users. Customers should presume they have been affected by the event if they have previously provided their email address with OpenSea. 

The company stated,

“If you have shared your email with OpenSea in the past, you should assume you were impacted.”

They have informed legal law informants about this event and are cooperating with Customer.io in their current investigation.

An employee of our email vendor, https://t.co/6vM4WAcJal, misused their employee access to download & share email addresses with an unauthorized external party.

Email addresses provided to OpenSea by users or newsletter subscribers were impacted.https://t.co/Osb6qqkqZZ

— OpenSea (@opensea) June 30, 2022

Due to the high frequency of data leaks, email newsletter management platforms and customer relationship management (CRM) software appear to be a weak point for cryptocurrency companies.

In March, BlockFi, Swan Bitcoin, NYDIG, and Circle were impacted by a compromise of Hubspot, a software similar to Customer.io. Names, phone numbers, and email addresses of users of various sites were disclosed to a third party.

Unscrupulous actors may attempt to contact clients using emails from names that resemble OpenSea.io, such as OpenSea.org or OpenSea.xyz, according to the platform.

Customers of OpenSea have taken to Twitter and are lamenting an increase in spam calls, texts, and emails.

Famous crypto whistleblower, FatmanTerra asked whether the outside party only got the list of email addresses or did they also get the list of corresponding blockchain addresses.

To this, an employee of the NFT marketplace replied that Customer.io does not have access to any wallet addresses.

@FatManTerra https://t.co/S6A49fS8IR doesn’t have access to any wallet addresses. An employee of our email vendor, https://t.co/S6A49fS8IR, misused their employee access to download & shared email addresses with an unauthorized external party.

— Anne Fauvre-Willis (anniefauv.eth | anniefauv.sol) (@AnnieFauv) June 30, 2022

Some users have also complained of their NFTs being stolen. However, there is no confirmation regarding this at the moment.

Source: Twitter

In February of this year, OpenSea was a victim of a significant hack worth $1.7 million. The vast user base of OpenSea experienced a late-night scare as attackers stole hundreds of NFTs from users of the platform.

By

Leave a Reply

Your email address will not be published. Required fields are marked *