{"id":11957,"date":"2022-06-30T22:43:24","date_gmt":"2022-06-30T22:43:24","guid":{"rendered":"https:\/\/nftandcrypto-news.com\/nft\/everything-to-know-about-openseas-massive-data-breach\/"},"modified":"2022-06-30T22:43:27","modified_gmt":"2022-06-30T22:43:27","slug":"everything-to-know-about-openseas-massive-data-breach","status":"publish","type":"post","link":"https:\/\/nftandcrypto-news.com\/nft\/everything-to-know-about-openseas-massive-data-breach\/","title":{"rendered":"Everything to Know About OpenSea’s Massive Data Breach"},"content":{"rendered":"

Last night, OpenSea \u2014 widely regarded as the world\u2019s most popular NFT marketplace \u2014 dropped a bombshell of a blog post. According to their report, they use Customer.io as an email vendor. The problem? One of the vendor\u2019s employees \u201cmisused their employee access to download & share email addresses [of OpenSea\u2019s userbase] with an unauthorized third party.\u201d

Ultimately, the scale of the security breach seems to be simply massive. A large chunk of OpenSea\u2019s active user base of over 1.5 million, in addition to anyone who subscribed to its newsletter, may have had their email address compromised. \u201cIf you have shared your email with OpenSea in the past, you should assume you were impacted,\u201d the company said.

On Twitter, a number of OpenSea users are already complaining about an uptick in spam emails, calls, and text messages.

Should you worry about the OpenSea breach?

One of the most prevalent forms of attack and theft in the NFT space is the age-old phishing attack. Since 2021, hackers have successfully plundered millions of dollars\u2019 worth of NFTs via malicious links across the entire space, OpenSea included.

With so many email addresses from OpenSea users exposed, bad actors could easily impersonate OpenSea or its employees, goading users into clicking links that would see their NFT wallets and collections emptied in a flash. The NFT giant itself has warned users in a thread on Twitter about what they might find in their email inboxes in the coming weeks.

OpenSea informed users via email if their addresses were among those sold off to the third party in the data breach. Some users were quick to point out the irony of it all.

opensea: we leaked your email addresses. watch out for phishing attempts!

anon: how do i know if i was affected?

opensea: we\u2019ll email you

\u2014 sadaf.eth | 5345.eth (@sadaf_eth) June 30, 2022

With OpenSea still recovering from the highly publicized case of insider trading by one of its former employees, this data breach has dealt yet another blow to the NFT marketplace\u2019s public image. As of writing, Customer.io\u2019s investigation into the matter is still ongoing, with no indication on OpenSea\u2019s end of whether it will continue or cease its relationship with the email service provider.

How to stay safe

You likely don\u2019t want to change your email because of this breach. Totally understandable. So, here\u2019s what you need to do in order to keep yourself safe:

  • Look out for emails from OpenSea and ensure the address is correct: OpenSea will only send you emails from the domain: \u201copensea.io.\u201d
  • Never download anything from an OpenSea email: OpenSea emails will never include any attachments. Never.
  • Check the URL of any page linked in an OpenSea email: Hyperlinks should always point to \u201cemail.opensea.io\u201d URLs. Double-check to ensure that \u201copensea.io\u201d is spelled correctly.
  • Never share or confirm your passwords or secret wallet phrases: Not with OpenSea or anyone else. Ever.
  • Never sign a wallet transaction prompted directly from an email: OpenSea emails will never contain links that prompt you to sign a wallet transaction.
  • Never sign a wallet transaction that doesn\u2019t list the right origin: It should always say \u201chttps:\/\/opensea.io\u201d if you were led there by email.