NFT Marketplace OpenSea Announces Data Breach Involving User Email Addresses

Console and Associates, P.C.
Contact

Recently, the NFT marketplace OpenSea issued a warning to users as well as those who subscribe to the company’s newsletter that an employee at OpenSea’s email delivery vendor, Customer.io, downloaded a file containing email addresses and shared it with an unauthorized party. In response, OpenSea is advising all potentially affected parties to be on the watch for upcoming phishing emails designed to get victims to provide their personal information.

If you believe you were affected by the OpenSea breach, it is essential you understand what is at risk and what you can do about it. To learn more about how to protect yourself from becoming a victim of fraud or identity theft and what your legal options are in the wake of the OpenSea data breach, please see our recent piece on the topic here.

Additional Information About the OpenSea Data Breach

According to the company’s news release, OpenSea recently learned that there was what appears to be an intentional leaking of email addresses at Customer.io, a third-party email vendor. Evidently, an employee at Customer.io “misused their employee access to download and share email addresses” with an unauthorized party outside of the organization.

In the wake of the breach, OpenSea advised all users of the platform, as well as anyone who subscribes to the OpenSea newsletter, to be careful of unauthorized emails that appear to come from OpenSea. The company provided several examples of potential domain names from which a phishing email may originate, such as opensea.org, opensae.io, and opensea.xyz. The domain name for OpenSea is opensea.io.

Founded in 2017 in New York, New York, OpenSea is an NFT (non-fungible token) marketplace that allows users to buy and sell NFTs at a fixed price or through an auction format. The company deals in all types of NFTs, including collectibles, gaming items, domain names, digital art, and other items backed by blockchain technology. OpenSea employs more than 200 people and generates approximately $42 million in annual revenue.

Preventing Phishing Attacks

While news of the OpenSea breach is limited, the company indicates that the data breach leaked users’ email addresses. While a leaked email address doesn’t necessarily present the same level of concern as leaked Social Security numbers or financial data, hackers who obtain compromised email addresses may use them in an email phishing attack.

Hackers orchestrate cyberattacks in a few different ways. Phishing attacks are one of the most common types of cyberattacks. In a phishing attack, the hacker sends a seemingly legitimate email requesting the recipient either provide their login credentials or click on a link. For example, hackers will often send the email under the guise that it’s from a business the potential victim has an account with, asking them to “reset” their password. If the victim responds, it gives the hacker access to the victim’s account. In some phishing attacks, hackers ask victims to click on a malicious link. By clicking on the link, the victim downloads malware onto their system, which can have various consequences, but generally involves giving the hacker access to the victim’s system. The information obtained through a phishing campaign can then be used to commit fraud or identity theft against the owner of the information.

Phishing attacks are very common. According to a 2021 study, U.S. employees get an average of 14 malicious emails per year. However, consumers are also frequently targeted directly. One study looking at 55 million emails found that over one percent of all emails were phishing attempts. Because these attacks are very well designed, many people fall for the hackers’ tricks. In fact, on average, 30% of all phishing emails are opened.

Given the frequency of email phishing attacks, it is imperative to stay alert when checking your email and double-check all email domains to ensure they are legitimate. Those who have questions about a recent phishing attempt should contact a data breach lawyer for assistance.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Console and Associates, P.C. | Attorney Advertising

Written by:

Console and Associates, P.C.
Contact
more
less

Console and Associates, P.C. on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.