If you've shared an email address with Open Sea, you'll get some phishy emails soon.
OpenSea said that an employee of its email delivery vendor Customer.io has been sharing email addresses with an unauthorized third party. Open Sea users and subscribers to the company's newsletter can find these addresses.
The company said that they have reported the incident to law enforcement.
One of your email delivery vendor's main jobs is not to leak user addresses, so this isn't as bad as other data breeches.
It's almost certain that every OpenSea user will be the target of a scam in which they will be tricked into handing over their private keys or installing malicious software.
OpenSea has prepared users for this possibility with a list of precautions they should take, as well as some tips on what types of swastikas they might see, and only trusting emails that are coming from the Opensea.io domain. Users should be cautious of any URLs shared in an OpenSea email and should never sign wallet transactions from an email.
OpenSea has had security issues in the past. In January and May, a vulnerability was exploited in order to sell users' NFTs and keep the profit. An OpenSea employee was arrested for trading on inside information.