OpenSea shared today that it is the victim of a data breach, though it is one of its vendors. An employee of Customer.io downloaded and shared stored email addresses associated with Open Sea accounts with an unknown third party. According to a post by the company's head of security, email addresses should be assumed to have been impacted. It appears that no passwords or other personal information was taken.
The company is working with a third party. Hardman said to be alert for attempts to impersonate Open Sea via email.
There appears to be no further damage beyond the leaked email addresses after hundreds of NFTs were stolen in February. The number of affected people is significant. According to data from Dune Analytics, 1.8 million users made purchases through the Open Sea.
Yesterday the company sent emails to OpenSea users who they suspected were involved in a scam and warned them to be on the lookout. Users were warned not to sign wallet transactions directly from an email or to share or confirm secret wallet phrases, as well as not to download attachment or click on a link from an Open Sea email.
The person who received the email addresses has not been named. An employee of Customer.io had access to the Open Sea data that they abused, according to a representative from the company. We don't think any other clients' data has been compromised, but we are still investigating. All of the employee's access was removed and he was suspended pending the conclusion of the investigation.