Security News > 2022 > June > OpenSea phishing threat after rogue insider leaks customer email addresses
An employee of OpenSea's email delivery vendor Customer.io "Misused" their access to download and share OpenSea users' and newsletter subscribers' email addresses "With an unauthorized external party," Head of Security Cory Hardman warned on Wednesday.
"If you have shared your email with OpenSea in the past, you should assume you were impacted," Hardman continued.
To be clear: that is a whole lot of email addresses.
OpenSea claims to be the largest NFT marketplace, and it boasts a transaction volume of over $20 billion and more than 600,000 users, all of which presumably provided their email addresses at one point.
"Because the data compromise included email addresses, there may be a heightened likelihood for email phishing attempts," he added, with some example phishing email domains tossed overboard for good measure.
OpenSea only sends emails from opensea.io, and these messages never include attachments or requests for users to download anything, Hardman noted.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/06/30/opensea_data_breach_phishing/
Related news
- Microsoft: Hackers steal emails in device code phishing attacks (source)
- Beware: PayPal "New Address" feature abused to send phishing emails (source)
- Microsoft Warns of ClickFix Phishing Campaign Targeting Hospitality Sector via Fake Booking[.]com Emails (source)
- Coinbase phishing email tricks users with fake wallet migration (source)
- Why it's time for phishing prevention to move beyond email (source)
- New Morphing Meerkat Phishing Kit Mimics 114 Brands Using Victims’ DNS Email Records (source)
- PoisonSeed phishing campaign behind emails with wallet seed phrases (source)