OpenSea, an NFT marketplace, experienced a data breach due to a worker at its email delivery partner leaking customer information.
An employee of Customer.io “misused their employee access to obtain and distribute email addresses – provided by OpenSea users and subscribers to our newsletter – with an unauthorized external party,” according to a blog post by OpenSea posted late on June 29.
Key Highlights:
- Emails belonging to customers were divulged to a third party by a worker of OpenSea’s email delivery partner, Customer.io.
- There is now “a heightened potential for email phishing attempts,” the NFT platform has advised customers.
The security compromise looks to be of enormous scope. The firm stated that “if you have given your email with OpenSea in the past, you should presume you were impacted,” and that it has reported the issue to law police. It also added that it is cooperating with Customer.io in an ongoing investigation.
According to Dune Analytics, an open-source crypto analytics platform, more than 1.8 million customers have made at least one purchase using the Ethereum network on OpenSea.
OpenSea employee was recently arrested for fraud.
The US Department of Justice has filed wire fraud and money laundering charges against Nathaniel Chastain, the former head of product at OpenSea.
The Department of Justice claims that Chastain utilized proprietary information regarding which NFTs would be highlighted on OpenSea’s site for his financial benefit.
He was then taken into custody.
Final Thoughts
Crypto companies are tightening security measures as data breaches become a frighteningly prevalent occurrence. As a result, future data protection guidelines may be based on Opensea’s experience, among many others.
