OpenSea, the largest NFT market, suffered an email leak, which affected all users who are subscribed to its newsletter, or who have ever shared their address with the platform.
The company specified that the leak occurred through his email provider Costumer.io. A malicious employee, using their access to OpenSea user data, downloaded and shared with a third party the emails of those who use the platform.
Open Sea warns its users that the leak, although it does not involve theft of private wallet keys, does compromise the privacy of each one of them. This is not the first time something like this has happened. In the past, users of this platform suffered theft through an attack phishing, that sent fraudulent links to the emails of its clients, as reported by CriptoNoticias
It should be noted that OpenSea does not require registration via email to be used (although it does provide that option). Registration can be done through an Ethereum wallet as is the case with MetaMask.
OpenSea recommends, taking into account that its users have already suffered this type of attack, to have good security practices. The main one is not to interact with email addresses that do not come from OpenSea.io. It also advises not to sign transactions that are executed after opening a link via email, among other recommendations.
For now, the company warned the police, and is working together with Customer.io to clarify the facts.