In June 2022, OpenSea faced an email breach that led to phishing attacks. Recent disclosure of over 7 million addresses has amplified risks for affected users.
Timeline of the Incident
OpenSea was thriving in June 2022, attracting over 120 million monthly visitors. An employee of Customer.io used their access to share OpenSea user email addresses with a third party, affecting users and notable crypto figures such as Binance CEO Changpeng Zhao.
Data Becomes Public
According to cybersecurity expert 23pds, a million email addresses are now publicly accessible, including those of industry leaders and traders, heightening phishing attack risks. Phishing scams pose major threats, with attackers using the compromised data to send fraudulent emails.
Recommendations for Users
SlowMist's expert advises affected users to take immediate precautions: create strong, unique passwords and use a password manager for secure storage. Two-factor authentication (2FA) via authenticator apps is highly recommended. OpenSea also reminded users to be wary of emails from unofficial domains.
The OpenSea incident highlights the need for enhanced security in the crypto industry and vulnerabilities linked to third-party services. Platforms should thoroughly review processes to safeguard user data.
