NFT Marketplace OpenSea announces data breaches involving users email addresses | Console and Associates, PC
Recently, the NFT marketplace OpenSea issued a warning to users as well as those who subscribe to the company’s newsletter that an employee of OpenSea’s email delivery provider, Customer.io, downloaded a file containing email addresses and shared it with a unauthorized party. In response, OpenSea advises all potentially affected parties to be on the lookout for upcoming phishing emails designed to prompt victims to provide personal information.
If you think you were affected by the OpenSea breach, it is important that you understand what is at risk and what you can do about it. To learn more about how to protect yourself from becoming a victim of fraud or identity theft and what your legal options are in the wake of the OpenSea data breach, please see our recent section on the subject here.
Additional information about the OpenSea data breach
According to the company’s press release, OpenSea recently learned that there appeared to be an intentional leak of email addresses at Customer.io, a third-party email provider. An employee of Customer.io “apparently abused employees’ access to download and share email addresses” with an unauthorized party outside the organization.
In the wake of the breach, OpenSea advised all users of the platform, as well as anyone who subscribes to the OpenSea newsletter, to be careful about unauthorized emails that appear to come from OpenSea. The company provided several examples of potential domain names that a phishing email might originate from, such as opensea.org, opensae.io and opensea.xyz. The domain name for OpenSea is opensea.io.
OpenSea was founded in 2017 in New York, New York, and is an NFT (non-fungible token) marketplace that allows users to buy and sell NFTs at a fixed price or through an auction format. The company sells all types of NFTs, including collectibles, game items, domain names, digital art and other items supported by blockchain technology. OpenSea employs more than 200 people and generates approximately $ 42 million in annual sales.
Prevention of phishing attacks
While the news of the OpenSea breach is limited, the company indicates that the data breach leaked users’ email addresses. Although a leaked email address does not necessarily present the same level of concern as leaked social security numbers or financial data, hackers who receive compromised email addresses can use them in an email phishing attack.
Hackers orchestrate cyber attacks in several different ways. Phishing attacks are one of the most common types of cyberattacks. In a phishing attack, the hacker sends a seemingly legitimate email asking the recipient to either provide login information or click on a link. For example, hackers will often send the email under the guise that it is from a company that the potential victim has an account with, and ask them to “reset” their password. If the victim responds, it gives the hacker access to the victim’s account. In some phishing attacks, hackers ask victims to click on a malicious link. By clicking on the link, the victim downloads malware to their system, which can have different consequences, but generally involves giving the hacker access to the victim’s system. The information obtained through a phishing campaign can then be used to commit fraud or identity theft against the owner of the information.
Phishing attacks are very common. According to a study from 2021, American employees receive an average of 14 malicious emails per year. But consumers are also often targeted directly. A study that looked at 55 million emails found that over one percent of all emails were phishing attempts. Because these attacks are very well designed, many fall for the hackers’ tricks. In fact, an average of 30% of all phishing emails open.
Given the frequency of phishing attacks on email, it is important to be vigilant when checking your email and double check all email domains to make sure they are legitimate. Those who have questions about a recent phishing attempt should contact a data breach lawyer for assistance.