OpenSea: Customer Email Addresses Have Been Compromised

pcmag.com:

OpenSea is warning customers that someone has made off with their email addresses.

The NFT marketplace says(Opens in a new window) it "recently learned that an employee of Customer.io, our email delivery vendor, misused their employee access to download and share email addresses—provided by OpenSea users and subscribers to our newsletter—with an unauthorized external party."

OpenSea says that it's "working with Customer.io in their ongoing investigation" and has "reported this incident to law enforcement." But people whose contact information was compromised should be extra vigilant about potential email-based phishing campaigns as a result of this leak.

The company says OpenSea customers should be on the lookout for emails coming from lookalike domains such as "opensae.io," "opensea.org," and "opensea.xyz"; refrain from downloading anything from emails appearing to come from OpenSea; and be wary of any links in these emails.

OpenSea also reiterated that it will never ask users to "share or confirm your passwords or secret wallet phrases" or send emails containing "links which directly prompt you to sign a wallet transaction." Any messages that violate those promises should be deleted immediately.

Sign up for SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.

This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.

Your subscription has been confirmed. Keep an eye on your inbox!