- OpenSea, the largest NFT marketplace in the ecosystem, has admitted that a significant security breach led to the leak of its users’ private data.
- The hacker obtained the email addresses of people who use OpenSea, information that could be used to send phishing links.
- This information was compromised through Customer.io, the platform’s email delivery partner.
Crypto users must take great care of their privacy, because the likelihood of falling victim to a hack depends on it.
However, sometimes security is out of the users’ hands, since the errors or vulnerabilities come directly from the platforms. One example is OpenSea, one of the largest non-fungible token (NFT) markets, which has admitted that a significant security breach led to the leak of its users’ private data.
In particular, some user emails were leaked, and some may wonder: why is it so dangerous for hackers to have the email addresses of OpenSea users?
The answer lies in phishing: the hacker obtained the email addresses of people who use OpenSea and can now send them emails with phishing links that can cause the loss of user funds and much more.
What happened?
OpenSea published a statement on its blog in which it explained that:
“A Customer.io employee misused their employee access to download and share email addresses, provided by OpenSea users and our newsletter subscribers, with an unauthorized outside party”.
For those who don’t know, Customer.io is the platform’s email delivery partner.
OpenSea alerts users
OpenSea recommended that all users who have ever shared their email with the platform in the past should assume that they were affected by the leak.
“If you have shared your email with OpenSea in the past, you should assume that it was affected. We are working with Customer.io on their ongoing investigation and have reported this incident to the police,” the company said.
Nevertheless, OpenSea assured that it will send an email to those users who it determines have a higher probability of having been affected. It is essential to note that this email will come from the domain “opensea.io”.
In fact, some users reported on Twitter that they had received this warning email from OpenSea and shared screenshots of what it looked like.
How to avoid being a victim of phishing?
OpenSea considers it highly likely that malicious actors will attempt to send email using an email address that visually resembles the official OpenSea domain (opensea.io).
“Please stay cautious. Malicious actors can use this information to impersonate OpenSea in email phishing attempts”, said OpenSea on Twitter.
For example, some variations hackers can use are: opensae.io, opensea.org, opensea.xyz. So if you receive an email from one of these domains, delete it and don’t click on any links!
The security measures that OpenSea shares are the following:
- Check the email domain. It should be ‘opensea.io’.
- NEVER download anything from an email sent by OpenSea.
- Always check the URL of any page linked in an email from OpenSea. Official emails will always include hyperlinks to “email.opensea.io”.
- NEVER share your seed phrase with anyone. OpenSea will NEVER request it.
- OpenSea will NEVER ask you to sign wallet transactions from your emails.
- Always carefully review anything you sign with your wallet. And, if in doubt, don’t sign!
- Do not interact with emails and files sent by strangers.
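The first and third checks in the list above can be automated in a mail filter. The following is an added example, not code from OpenSea or from the original article: it compares the sender domain with “opensea.io” and every link host with “email.opensea.io”, and labels the lookalike variations the article lists. The category names and the two-edit threshold are assumptions chosen for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

SENDER_DOMAIN = "opensea.io"    # sender domain named in the checklist
LINK_HOST = "email.opensea.io"  # link host named in the checklist
# Constructed sample message (not a real email), built from lookalikes the article lists.
SAMPLE = """From: OpenSea <security@opensae.io>
Content-Type: text/html

<a href="https://opensea.xyz/login">Account</a> <a href="https://email.opensea.io/notice">Notice</a>
"""

def edit_distance(a, b):
    # Optimal string alignment: a swap of two adjacent letters counts as one edit.
    d = [[max(i, j) if 0 in (i, j) else 0 for j in range(len(b) + 1)] for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            d[i][j] = min(d[i-1][j] + 1, d[i][j-1] + 1, d[i-1][j-1] + (a[i-1] != b[j-1]))
            if i > 1 and j > 1 and a[i-1] == b[j-2] and a[i-2] == b[j-1]:
                d[i][j] = min(d[i][j], d[i-2][j-2] + 1)
    return d[len(a)][len(b)]

def classify(domain):
    domain = domain.lower().rstrip(".")
    if domain == SENDER_DOMAIN:
        return "official"
    if domain.rpartition(".")[0] == "opensea":       # right name, wrong TLD (opensea.org)
        return "tld-swap"
    if edit_distance(domain, SENDER_DOMAIN) <= 2:    # assumed threshold (opensae.io)
        return "typo-lookalike"
    return "unrelated"

class LinkHosts(HTMLParser):
    # Collects the host name of every <a href="..."> in the HTML body.
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hosts.append((urlsplit(dict(attrs).get("href") or "").hostname or "").lower())

def check_email(raw):
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    parser = LinkHosts()
    parser.hosts = []
    parser.feed(msg.get_payload())
    return {"sender": classify(sender), "bad_links": [h for h in parser.hosts if h != LINK_HOST]}

if __name__ == "__main__":
    print(check_email(SAMPLE))
```

The From header can be forged, so a check like this complements SPF, DKIM and DMARC verification rather than replacing it.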
If you want to learn more about what phishing is, how it works and how to prevent it, we invite you to carefully read the guide specially designed by Bitcoin Mexico.