Leading international NFT marketplace Opensea announced on Wednesday that there has been a massive email breach in their systems which will subsequently render user data accessible to phishing groups.
Opensea announced that on Wednesday, one of their employees of their mailing vendor abused employee access to share customer email addresses with an “unauthorized third party”. These are email addresses submitted by Opensea users and subscribers to the company’s regular newsletter.
The email breach is not as devastating as other data breaches as only user emails were affected but it still does not change the fact that the email delivery vendor has broken the law of not leaking user addresses around.
Those leaked emails could be sold on the dark web as likely NFT holders and given the potential value that could be accessed by only one person in that list, several attack vectors could be deployed using this information, the most obvious of which will be phishing attacks.
It is also likely that users may receive emails with malicious attachments that are particularly dangerous to people who transact and hold NFTs in a software wallet.
Opensea is however educating users on the different possibilities with different tips on how to recognize phishing addresses, a list of precautions they should take seriously, and a possible security review to verify the authentication of a user’s account.
Users should be wary of any links shared in an email from Opensea, never share their passwords or seed phrases with anyone, and should ignore any wallet transactions being prompted from an email directly.
Featured image source: Blockchain Technology News