Users of biggest NFT marketplace warned over phishing after data leak

theguardian.com:

The world’s biggest marketplace for non-fungible tokens (NFTs) has warned its users to be on the alert for email phishing attacks following a massive data leak.

OpenSea, where traders exchange the crypto assets, told customers and newsletter subscribers not to open emails and files “sent by strangers” after revealing the breach.

It said its email database had been passed to an unnamed “unauthorised external party” by an employee at a firm used by OpenSea to send automated emails.

“We recently learned that an employee of Customer.io, our email delivery vendor, misused their employee access to download and share email addresses – provided by OpenSea users and subscribers to our newsletter – with an unauthorised external party,” said OpenSea.

It added that the potential impact was widespread. “If you have shared your email with OpenSea in the past, you should assume you were impacted.” OpenSea said the incident had been reported to law enforcement.

New York-based OpenSea said there may be a “heightened likelihood” for email phishing attempts targeting people whose data has been leaked. Phishing attacks involve tricking victims via email into downloading malware or handing over their login details. According OpenSea’s website, it has more than 600,000 users.

In a message sent to those affected, OpenSea urged users to be “extra cautious” about email safety. The firm warned users to avoid emails that impersonate its opensea.io domain and not to download anything from an opensea email, as well as avoiding opening any emails or files from strangers.

A customer.io spokesperson said: “We are working closely with OpenSea and are reviewing exactly how these email addresses were compromised. We believe this resulted from the actions of an