OpenSea Hit With Huge Data Breach, Email Addresses Likely Shared With Scammers

thegamer.com:

Users of the largest NFT auction site, OpenSea, are being told to remain vigilant, as their email addresses have been stolen and shared with potential scammers. The breach comes from an employee of OpenSea's partner, Customer.io, who "misused their access" to pass email addresses on to an "unauthorized external party".

While OpenSea has not clarified how many accounts have been breached, it says that all past and present users of the site should assume they were impacted. The matter has been passed on to law enforcement, but it remains to be seen if an investigation is launched.

Related: Axie Infinity Is A Classic Example Of What’s To Come For NFT Games

"We recently learned that an employee of Customer.io, our email delivery vendor, misused their employee access to download and share email addresses with an unauthorized external party", a statement from OpenSea reads. "Please stay vigilant about your email practices, and be alert for any attempt to impersonate OpenSea via email."

This isn't the first breach to hit OpenSea this year. As we reported in February, $1.7 million worth of NFTs were stolen from Opensea users, due to an apparent vulnerability in the site. OpenSea denies this was the case, but was sued by users who blamed its apparent poor security measures.

On top of this, the site has also hosted a range of stolen material. This includes art, as well as whole YouTube channels and photoshopped images of celebrities. Most disturbingly, this included a user who photoshopped celebrities into porn, which were then sold as NFTs on the site. This raised questions about OpenSea's ability to vet the material it hosted.

The full extent of the most recent controversy has not yet been realized. However, many users are