OpenSea NFT Platform Reveals Major Messaging Data Breach That May Affect 1.8 Million Users
Users of the vast OpenSea NFT marketplace are victims of a major data breach after a third-party employee mistakenly uploaded and sent subscribers’ email addresses to an unauthorized external recipient.
OpenSea customers and newsletter subscribers have since received a notice from the company warning them to beware of emails from unknown websites and to overprotect passwords and passcodes. OpenSea has also committed not to send emails requesting a wallet transaction.
The company, in a Tweeter, said, “An employee of our email provider, http://Customer.io, abused their employee access to upload and share email addresses with an unauthorized external party. Email addresses provided to OpenSea by users or newsletter subscribers have been impacted.”
According to data from Dune Analytics, more than 1.8 million users have made at least one purchase through OpenSea’s network. The most obvious attack that could be deployed is email phishing.
OpenSea, which allegedly has more than 80% of the NFT market share, was also the target of a phishing attack in January after $1.7 million worth of NFTs were inexplicably unavailable to users. In January this year, the company also admitted that 80% of NFTs created for free on its platform had been plagiarized.
Sports teams that have sold NFTs in the OpenSea marketplace include the Golden State Warriors, Boston Celtics, and Washington Capitals, to name a few. According to their website, OpenSea also sells Sorare’s digital trading cards as well as Formula 1 NFT from Animoca Brands.
With his credibility at stake, OpenSea co-founder and CEO Devin Finzer made it clear in a blog post in early June that protecting customers is of the highest priority. “At OpenSea, we feel an enormous responsibility to keep our users safe while providing the widest and most inclusive access to the NFT ecosystem possible.”
Finzer also described the implementation of a verification system and a copymint prevention application. But the latest data breach has since created more doubt.