On Thursday, OpenSea suffered a data breach after an employee at the platform's email delivery partner leaked user data.
The marketplace revealed in a blog post that an employee of Customer.io "misused their employee access to download and share email addresses provided by OpenSea users and subscribers to our newsletter with an unauthorized external party."
OpenSea warned users to watch out for potential phishing attacks following the breach, noting that “there may be a heightened likelihood for email phishing attempts.” The company provided a list of guidelines to help its users stay safe, including looking out for visually similar but misspelled domain names. It also warned users against sharing cryptocurrency wallet passwords and signing transactions posted via email links.
Though OpenSea did not confirm if the breach included cryptocurrency wallet data, it said anyone who has shared an email address with the company should assume they were impacted.
Yesterday’s breach is the latest in a long line of exploits that have plagued the leading NFT space. Last month, OpenSea’s Discord server was breached, directing users to mint fake YouTube Genesis Mint Passes.
A similar incident occurred in March when hackers breached the third-party marketing vendor HubSpot to target large crypto stakeholders. NYDIG, Pantera Capital, BlockFi, Circle, and Swan Bitcoin were among the affected companies.