Security News > 2022 > June > OpenSea phishing threat after rogue insider leaks customer email addresses
An employee of OpenSea's email delivery vendor Customer.io "Misused" their access to download and share OpenSea users' and newsletter subscribers' email addresses "With an unauthorized external party," Head of Security Cory Hardman warned on Wednesday.
"If you have shared your email with OpenSea in the past, you should assume you were impacted," Hardman continued.
To be clear: that is a whole lot of email addresses.
OpenSea claims to be the largest NFT marketplace, and it boasts a transaction volume of over $20 billion and more than 600,000 users, all of which presumably provided their email addresses at one point.
"Because the data compromise included email addresses, there may be a heightened likelihood for email phishing attempts," he added, with some example phishing email domains tossed overboard for good measure.
OpenSea only sends emails from opensea.io, and these messages never include attachments or requests for users to download anything, Hardman noted.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/06/30/opensea_data_breach_phishing/
Related news
- Threat actors are stepping up their tactics to bypass email protections (source)
- Beware of phishing emails delivering backdoored Linux VMs! (source)
- New Phishing Tool GoIssue Targets GitHub Developers in Bulk Email Campaigns (source)
- Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing Emails (source)
- Phishing emails increasingly use SVG attachments to evade detection (source)
- Why AI alone can’t protect you from sophisticated email threats (source)