NFT marketplace OpenSea has emailed several of its users today (June 30) to alert them that their email addresses may be part of a data breach.
The message cited an employee of OpenSea’s email vendor Customer.io misusing their access to the system to “download and share email addresses with and unauthorized third party”.
Identification of the effected email addresses seems to have followed the discovery of the breach yesterday. After which a blog post by OpenSea head of security Cory Hardman was published, which said: “If you have shared your email with OpenSea in the past, you should assume you were impacted.”
He urged that OpenSea customers: “Please stay vigilant about your email practices, and be alert for any attempt to impersonate OpenSea via email.”
While OpenSea itself has not been breached, the NFT marketplace is concerned that the email addresses could be used for phishing attacks.
In its email to users, it recommended users be cautious of emails that appear to be from OpenSea and emphasised that the business will only send emails from the opensea.io domain.
It also warns users never to download anything from an OpenSea email. If it is a genuine email, it will not request downloads or include attachments.
It will also only ever send hyperlinks with an email.opensea.io URL, and users are urged to ensure the link is spelt correctly before clicking it.
Finally, users were reminded never to share their password details or secret wallet phrases and never to sign a wallet transaction directly from an email.
“Please be aware that malicious actors may try to contact you using an email address that looks visually similar to our official email domain, ‘opensea.io’ (such as ‘opensea.org’ or some other variation)”, urged Hardman’s blog post.
“Your trust and safety is a top priority. We wanted to share the information we have at this time, and let you know that we’ve reported the incident to law enforcement and are cooperating in their investigation.”
OpenSea has been subject to exploitation in the past. In February, NFT holders lost more than 332 Ethereum or close to $800,000, when a user who was able to purchase multiple NFTs for way under market value.
While in September 2021, the marketplace closed a bug that enabled hackers to empty account holders’ cryptocurrency wallets by getting them to click on a dodgy NFT.
You should stay vigilant about the security of all your accounts online. To safely enjoy using crypto at our recommended casino sites, visit 1xBit, Bitcasino.io or FortuneJack.