penSea, the largest marketplace for non-fungible tokens (NFTs), has suffered a data breach after an employee at its email delivery partner leaked user data. The data includes names, email addresses, and hashed passwords.
In a statement published late on June 29, OpenSea said that an employee of Customer.io had “misused their employee access to download and share email addresses – provided by OpenSea users and subscribers to our newsletter – with an unauthorized external party.”
The data leak affects all OpenSea users and subscribers, regardless of whether they have used the platform to buy or sell NFTs.
This is not the first time a data breach has hit OpenSea. Earlier this year, the platform suffered a similar incident: it had been hacked, and at least 32 customers had lost $1.7 million in NFTs and affected a small number of users targeted in a phishing campaign. The hackers were able to gain access to user accounts and steal NFTs, which were sold on other platforms.
Improving Security Measures
At the time, OpenSea said it had “taken steps to improve our security posture” and “continue to invest significant resources in security.”
OpenSea is currently investigating the incident and has notified affected users. The company is also working with law enforcement to track down the person responsible for the leak. They are urging all affected users to change their passwords on the platform and any other online accounts where they use the same password.
With the increasing value of NFTs, users need to be aware of the risks associated with these digital assets. Be sure to always keep your private keys safe and never click on links from unknown sources.
This is another example of how even the most well-secured platforms can be vulnerable to data breaches. It's important for users to always be vigilant and take steps to protect their own data.