OpenSea Email Vendor Suffers Security Breach
Late last night, OpenSea published a blog article addressing a recent security incident that affected one of its vendors, and as a result, OpenSea's mailing list. OpenSea uses a vendor called Customer.io to manage its email delivery services, and this vendor recently suffered a security breach where one of its employees "misused their employee access to download and share email addresses -- provided by OpenSea users and subscribers to our newsletter -- with an unauthorized party." The blog post further warns of "a heightened likelihood of email phishing attempts."
OpenSea offers a number of safety recommendations in the wake of this news. Users are advised to:
- Ensure emails are sent from a doman address of opensea.io
- Never download anything from an email sent by OpenSea
- Verify the URL of any linked page has a domain of opensea.io or email.opensea.io before clicking
- Never share your password or seed phrase
- Never sign a transaction initiated by an email link
OpenSea will be sending an email (from the domain opensea.io) to any users it believes to have been affected in the breach.