OpenSea Email Vendor Suffers Security Breach

Late last night, OpenSea published a blog article addressing a recent security incident that affected one of its vendors, and as a result, OpenSea's mailing list. OpenSea uses a vendor called Customer.io to manage its email delivery services, and this vendor recently suffered a security breach where one of its employees "misused their employee access to download and share email addresses -- provided by OpenSea users and subscribers to our newsletter -- with an unauthorized party." The blog post further warns of "a heightened likelihood of email phishing attempts."

OpenSea offers a number of safety recommendations in the wake of this news. Users are advised to:

Ensure emails are sent from a doman address of opensea.io
Never download anything from an email sent by OpenSea
Verify the URL of any linked page has a domain of opensea.io or email.opensea.io before clicking
Never share your password or seed phrase
Never sign a transaction initiated by an email link

OpenSea will be sending an email (from the domain opensea.io) to any users it believes to have been affected in the breach.

Author Bio

Bill Monighetti

Lucky Trader COO

A web3 degen with a soft spot for pixel art, Bill previously served a variety of roles at FantasyLabs/The Action Network including product manager and NFL news reporter. Red-pilled into NFTs by NBA Top Shot during the winter of 2020.

Disclaimer: The author or members of the Lucky Trader staff may own NFTs discussed in this post. Furthermore, the information contained on this website or the Lucky Trader mobile application is not intended as, and shall not be understood or construed as financial advice. AI may have assisted in the creation of this content.