OpenSea phishing threat after rogue insider leaks customer email addresses

2022-06-30 21:20

An employee of OpenSea's email delivery vendor Customer.io "Misused" their access to download and share OpenSea users' and newsletter subscribers' email addresses "With an unauthorized external party," Head of Security Cory Hardman warned on Wednesday.

"If you have shared your email with OpenSea in the past, you should assume you were impacted," Hardman continued.

To be clear: that is a whole lot of email addresses.

OpenSea claims to be the largest NFT marketplace, and it boasts a transaction volume of over $20 billion and more than 600,000 users, all of which presumably provided their email addresses at one point.

"Because the data compromise included email addresses, there may be a heightened likelihood for email phishing attempts," he added, with some example phishing email domains tossed overboard for good measure.

OpenSea only sends emails from opensea.io, and these messages never include attachments or requests for users to download anything, Hardman noted.

News URL

https://go.theregister.com/feed/www.theregister.com/2022/06/30/opensea_data_breach_phishing/

#email #leak #phishing #threat

News URL

Related news