- OpenSea says its email vendor leaked the addresses of users and subscribers to the OpenSea Newsletter.
- The NFT marketplace says an employee of Customer.io misused their access to download and share email addresses with an unauthorised external party.
- The company has warned anyone who has shared their email address with OpenSea in the past to watch out for potential email phishing attempts.
OpenSea on Wednesday evening reported its email vendor Customer.io had leaked addresses to an unauthorised third party.
According to the announcement, an employee of Customer.io misused their credentials “to download and share email addresses – provided by OpenSea users and subscribers to our newsletter – with an unauthorised external party.”
The company asked those who have shared their email addresses with OpenSea to be wary of potential email phishing attacks.
Meanwhile, OpenSea is working with Customer.io to investigate the matter after reporting the incident to law enforcement.
This is not the first incident the world’s largest NFT marketplace has fallen victim to. Earlier this month, the former head of Product at OpenSea was indicted for NFT insider trading activities.
In May, a hacker hijacked OpenSea’s Discord server to launch a phishing attack that promoted a fake OpenSea and YouTube partnership NFT mint pass.
In January this year, the company launched a listing manager after hackers exploited a listing glitch in its system to flip NFTs at a profit. The attackers bought top NFTs below floor price before selling them at a premium.
The company has taken various measures to limit attacks, but it always seems to be a step behind the savvy masters of the dark web.
On May 11, the company introduced some changes to the account verification process and the NFT copymint detection system to detect fake accounts and counterfeit NFTs.
The company also teamed up with Metalink, receiving a dedicated server for community management as part of its strategy of protecting its customers from phishing attacks via social channels.
But even with these changes, the company could not prevent the latest security breach.
OpenSea has embraced a model that utilises third-party services to improve security. However, this also seems to be presenting another threat that is arguably out of its control.
The platform is being challenged by upcoming NFT marketplaces to evolve with changing trends, and this has seen it launch a new Web3 NFT protocol called Seaport.
OpenSea has issued a comprehensive list of potential attacks that victims of leaked emails could face, whilst maintaining that customer “trust and safety is a top priority.”