In wake of a recent data breach through its email vendor, leading NFT marketplace OpenSea has now warned its customers that they may be at risk of phishing scams.
According to a blog post made yesterday, the employee in question, who worked at the platform’s email delivery partner Customer.io, “misused their employee access to download and share email addresses – provided by OpenSea users and subscribers to our newsletter – with an unauthorised external party”.
OpenSea has since prompted all users who’ve shared their email address with the platform to assume that their data was involved in the breach, and further, it’s warned them to stay cautious when handling their emails. More specifically, the platform told users to look out for domain names that mimic its legitimate OpenSea.io address, such as OpenSea.xyz or OpenSea.org.
Following the leak, the phishers have acted swiftly in their operations, as some users have already taken to Twitter to showcase the subsequent phishing emails they’ve received.
With regards to the action taken toward the employee, OpenSea has stated that it will be assisting Customer.io in its ongoing investigation and that it has also reported the incident to law enforcement.