Vendor of NFT marketplace 'OpenSea' leaks users' email addresses to an outside party, creating a phishing risk



On June 29, 2022, OpenSea, a service for creating NFTs and listing them for auction, announced that an employee of its email distribution vendor, Customer.io, had leaked OpenSea users' email addresses to an outside party. OpenSea is urging its users and newsletter subscribers to be very careful, as it expects them to receive malicious emails disguised as coming from OpenSea.

Important Update on Email Vendor Security Incident - OpenSea Blog
https://opensea.io/blog/safety-security/important-update-on-email-vendor-security-incident/

NFT giant OpenSea reports major email data breach | TechCrunch
https://techcrunch.com/2022/06/30/nft-opensea-data-breach/

According to OpenSea, this leak of personal information occurred because an employee of Customer.io, the email distribution vendor it contracts with, abused their access rights to download email addresses and share them with an unauthorized outside party. OpenSea describes the scope of those affected as 'people who have provided email addresses to OpenSea in the past, such as marketplace users and newsletter subscribers.'

According to Dune Analytics, an Ethereum blockchain analytics service, more than 1.8 million users have made more than one transaction on the Ethereum network through OpenSea.

Because users' email addresses were leaked, victims may receive malicious emails, such as phishing scams impersonating OpenSea. OpenSea therefore warns users to watch for emails sent from addresses that resemble the company's domain 'opensea.io', and asks anyone who receives such an email not to open it, download attachments, follow links, or enter a password or secret wallet phrase.



An OpenSea spokeswoman told TechCrunch, an IT news site, 'We believe the cause of this leak was the abuse of access rights limited to personnel. We do not think data from other clients was compromised, but we are continuing the investigation. The employee in question has been stripped of all access rights and has been suspended until the investigation is complete.'

Problems have occurred frequently at OpenSea: in January 2022 it was discovered that NFTs were being bought up at unreasonably low prices due to a system malfunction, and in February an incident occurred in which 254 NFTs worth a total of 200 million yen were stolen. Due to these scandals, it is reported that the transaction volume on OpenSea has dropped significantly.

254 NFTs totaling 200 million yen are stolen from NFT market giant 'OpenSea' - GIGAZINE

in Web Service,   Security, Posted by log1l_ks