The email addresses of OpenSea users may have been compromised when an employee of its email delivery vendor misused their employee access.
In a statement posted through its official Twitter account, OpenSea shared that the email addresses of its users may have been compromised by an employee of its email delivery vendor. According to the tweet, an employee of Customer.io misused their employee access to download and share the email addresses with an unauthorized external party.
In the lengthy Twitter thread, OpenSea said the compromised email addresses were from its users and newsletter subscribers. Although it has not pinpointed whose email addresses were affected, OpenSea said those who have shared their emails with the company must assume theirs have been impacted.
OpenSea Calls for Vigilance
OpenSea assured its users that it is working with Customer.io in its ongoing investigation. It has also reported the incident to law enforcement. Still, it advises its users to protect themselves, assuming their email addresses were affected.
The company is calling for its users to stay vigilant, especially in their email practices, and to be alert for email addresses attempting to masquerade as OpenSea. Since the compromised data included email addresses, OpenSea alerts users to the high potential for email phishing attempts.
OpenSea asks its users to be alert for attempts from malicious actors who will try to contact them using an email address that, at first glance, looks visually similar to its official “.io” domain. Below are some of the example phishing addresses that OpenSea posted on its blog and Twitter thread:
OpenSea’s Safety Recommendations
Although OpenSea is aware that its users know the importance of email safety and are capable of applying safe email practices, it strongly recommends that its users follow some guidelines. It also asks its users to deal carefully with any future emails that appear to be from the marketplace.
Here is a list of safety recommendations for its users:
1. Never entertain emails from addresses impersonating OpenSea. Those are phishing emails. OpenSea will only send emails from the “opensea.io” domain. Users are advised not to engage with any email claiming to be from OpenSea if it does not come from that domain.
2. Legitimate emails from OpenSea do not contain attachments, nor do they ask users to download anything. Users are advised never to download anything from an email.
3. Users must check the URL of any page linked in an email. Emails will only include hyperlinks to “email.opensea.io” URLs. Malicious actors commonly mimic URLs by shuffling some letters, so OpenSea users are advised to ensure that “opensea.io” is correctly spelled.
4. OpenSea will never prompt users to share or confirm their passwords or secret wallet phrases in any format. Users are advised never to share the information.
5. Emails will never contain links that directly prompt users to sign a wallet transaction. If an email prompt leads users to sign a wallet transaction, they are strongly advised never to sign one that doesn’t list the origin of https://opensea.io.
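Recommendations 1 and 3 can be turned into a mail-filter check, shown here as an added example that is not from OpenSea or the original article. The function names, the https requirement and the sample inputs are assumptions; only the two domain names come from the list above.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

SENDER_DOMAIN = "opensea.io"    # recommendation 1: only sending domain
LINK_HOST = "email.opensea.io"  # recommendation 3: only host for links in emails

def _norm(host):
    """Lower-case, drop a trailing dot; None for empty or non-ASCII (homoglyph) hosts."""
    if not host:
        return None
    host = host.rstrip(".").lower()
    return host if host.isascii() else None

def sender_ok(from_header):
    """True only when the address domain is exactly opensea.io.
    The display name is ignored, since anyone can put 'opensea.io' in it."""
    _, addr = parseaddr(from_header)
    local, sep, domain = addr.rpartition("@")
    return bool(local and sep) and _norm(domain) == SENDER_DOMAIN

def link_ok(url):
    """True only when the URL's host is exactly email.opensea.io.
    Exact comparison, not substring or suffix matching, so hosts such as
    email.opensea.io.login.example and userinfo tricks (...@host) fail."""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname
    except ValueError:  # malformed URL
        return False
    # Assumption: https is required; the page names only the host.
    return parts.scheme == "https" and _norm(host) == LINK_HOST

def review(from_header, urls):
    """Return a list of findings; an empty list means both checks passed."""
    findings = []
    if not sender_ok(from_header):
        findings.append(f"sender not @{SENDER_DOMAIN}: {from_header!r}")
    findings += [f"link not on {LINK_HOST}: {u!r}" for u in urls if not link_ok(u)]
    return findings

if __name__ == "__main__":
    # Constructed sample message fields (reserved .example names), not real indicators.
    print(review('"noreply@opensea.io" <alerts@opensea-io.example>',
                 ["https://email.opensea.io/c/1", "https://email.opensea.io@login.example/c/1"]))
```

A From header can itself be forged, so this check complements the receiving server's SPF, DKIM and DMARC results and does not replace them.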
OpenSea calls for its users to help keep the community safe. They can do so by reporting any suspicious communication appearing or claiming to be from OpenSea to support.opensea.io. It also reiterated that the trust and safety of its users are of utmost importance; thus, it is cooperating fully with law enforcement in its investigation of the incident.