OpenSea has to report a major breach and customer email data leak

NFT giant suffers a massive leak of users' email addresses

OpenSea marketplace suffers breach
Email vendor employee leaked database with customer emails of all OpenSea users

OpenSea, the biggest and most influential NFT marketplace, issued a warning for users. People were informed that malicious actors may contact them by email from OpenSea.net or OpenSea.org.[1] Phishing emails can be sent to users in an attempt to scam them further. The incident became an issue after a staff member of Customer.io leaked a list of emails of OpenSea users.[2] Customer.io is the platform used for managing email campaigns and newsletters.

The employee of the email vendor leaked a list of email addresses that includes users who provided their details for newsletters and other contact purposes.[3] The email sent out by OpenSea officials informs users about the incident and warns them about possible malicious actor campaigns, additional scam emails, and other incidents.

OpenSea is the world's largest non-fungible token[4] marketplace. This breach affects all users who have provided their emails to the platform. People should be aware of potential phishing attempts. The NFT marketplace noted that the incident was reported to law enforcement officials, who have all the details needed to start the investigation.

The massive scale of the data breach

Whether a user provided the email address on the platform or for the OpenSea newsletter, that address was on the leaked list. This means that millions of people can be exposed by this breach. Almost 2 million users have made at least one purchase via the Ethereum network on OpenSea.[5]

The OpenSea officials did not confirm whether this database only included email addresses or any other data from user accounts like cryptocurrency wallet details. The marketplace has suffered various incidents affecting users. The leading NFT marketplace has been involved in data leaks, pull-scale attacks, phishing attacks, and other issues.

The popularity of non-fungible tokens and cryptocurrency, and of the platform itself, has its downsides. OpenSea Discord servers have been hacked, and various scam messages surfaced because of this. Actors have stolen around $3 million worth of NFTs from users by tricking them into allowing malicious transactions via emails.

HubSpot was recently hacked

Another service comparable to Customer.io exposed more than emails not so long ago. Back in March, a data breach at HubSpot, another customer relationship management software firm, affected many platforms. This incident led to breaches at BlockFi, Circles, Swan Bitcoin, and NYDIG. The breach included emails, names, and phone numbers of users of all of these platforms, which were leaked online after an external party gained access.

Hubspot has confirmed that an unauthorized third-party gained access to certain BlockFi client data housed on their platform.

Bad actors can use these details for phishing attacks and gain access directly to funds and accounts via user-provided passwords. Back then, BlockFi and other platforms confirmed that internal systems and client funds were not accessed in the breach, and that the third-party vendor only had access to the database with emails, names, and phone numbers.

OpenSea started the investigation with Customer.io and law enforcement, so further details are expected from officials once the investigation is done. Officials only warned users to avoid emails received from domains similar to the official OpenSea.io email domain, like OpenSea.net and OpenSea.org.

About the author
Gabriel E. Hall - Passionate web researcher

Gabriel E. Hall is a passionate malware researcher who has been working for 2-spyware for almost a decade.
