OpenSea data breach exposes huge numbers of users’ email addresses

The case has been reported to legal enforcement, according to the NFT marketplace, and an investigation is currently in progress.

The largest nonfungible token (NFT) marketplace in the world, OpenSea, has sent an alert to users after finding that a Customer.io employee had sent the list of OpenSea users’ email addresses to a third party while working on the platform for managing email newsletters and campaigns.

All users who have provided their email addresses to the marketplace, whether for the platform or its newsletter, have been impacted by the breach. OpenSea warned users about possible phishing attempts after the hack.

On Thursday, the NFT market revealed that it had spoken to law enforcement about the incident and that an inquiry was ongoing.

The current data breach is by no means the year’s first significant attack on OpenSea and its users. The popular NFT marketplace’s Discord server was hacked in May, which sparked a flood of phishing attacks. Several users’ wallets were affected by the incident. The platform experienced one of its most severe attacks to date in January, during which an attack enabled attackers to sell NFTs without approval. The market covered losses of $1.8 million.

Customers’ usernames, phone numbers, and email addresses on BlockFi, Swan Bitcoin, NYDIG, and Circle were made public after Hubspot, a site similar to Customer.io, was breached in March. Names, phone numbers, and email addresses of users of various platforms were disclosed to an unidentified party.

According to an alert from OpenSea, hackers may try to contact OpenSea customers by sending emails from domains that resemble OpenSea.io or OpenSea.xyz. Twitter users have noted an upsurge in spam emails, texts, and phone calls.