OpenSea recently discovered that an employee of Customer.io, their email delivery vendor, downloaded and shared the email addresses of OpenSea users and those who are subscribed to their newsletter. Who has been affected? If you have ever shared your email with OpenSea in the past, you should assume that you are impacted. OpenSea claims that they are working with Customer.io in their ongoing investigation, and they have also reported this incident to law enforcement.
Because the data compromise includes email addresses, there may be a heightened likelihood for email phishing attempts. The advice from OpenSea is to “please stay vigilant about your email practices, and be alert for any attempt to impersonate OpenSea via email”. It is always important to exercise caution and use safe practices, but now more so than ever. If this news has you feeling alarmed, fear not. Here are 5 tips on how you can stay safe.
How Can You Protect Yourself?
1) Be cautious of phishing emails from addresses trying to impersonate OpenSea. OpenSea will ONLY send you emails from the domain: ‘opensea.io.’ Please do not engage with any email claiming to be from OpenSea that does not come from this email domain.
2) Never download anything from an OpenSea email. Authentic OpenSea emails do not include attachments or requests to download anything.
3) Check the URL of any page linked in an OpenSea email. We will only include hyperlinks to ‘email.opensea.io.’ URLs. Make sure that ‘opensea.io’ is spelled correctly, as it’s common for malicious actors to impersonate URLs by shuffling letters.
4) NEVER share or confirm your passwords or secret wallet phrases. OpenSea will never prompt you to do this – in any format.
5) NEVER sign a wallet transaction prompted directly from an email. OpenSea emails will never contain links that directly prompt you to sign a wallet transaction. Never sign a wallet transaction that doesn’t list the origin of https://opensea.io if you were led there by email.
Please be aware that malicious actors may try to contact you using an email address that looks visually similar to OpenSea’s official domain.
It is important to get educated and stay one step ahead of scammers to protect your personal assets. Please share this message with your friends so that as few people are affected as possible. Stay safe out there fellow degens.