NFT exchange OpenSea continues to be the victim of a data breach, although the target this time is one of its service providers.
According to Engadget, an employee of OpenSea’s service provider Customer.io allegedly downloaded and shared hosted email addresses associated with OpenSea accounts and newsletter subscriptions with a third party. Unknown.
Any OpenSea account holder or newsletter subscriber could be on the affected list, said OpenSea chief security officer Cory Hardman. At the same time, he said users are wary of email activities and against any attempts to impersonate OpenSea via email.
At this time, OpenSea has not discovered that the victim’s password or personal information has been stolen. The company is currently working with Customer.io to investigate the issue.
Unlike the OpenSea phishing attack in February 2022 that resulted in hundreds of NFTs being stolen, there seems to be no further damage reported beyond the leaked email addresses. However, the number of people potentially affected by the breach is substantial. Hackread’s report shows that 1.8 million customers buy Ethereum through OpenSea.
OpenSea has also emailed OpenSea users it suspects to be involved to warn against phishing emails and other scams. In addition to standard advice such as not downloading attachments or clicking links from OpenSea emails, users are also warned not to sign wallet transactions directly from the email or share or confirm secure wallet phrases. whole.
The identity of the third party that received the breached email addresses has not yet been disclosed. A representative from Customer.io said that the employee behind the breach had all-access removed and suspended pending the conclusion of an investigation from the company.
