The biggest nonfungible tokens (NFT) marketplace in the world, OpenSea, has issued a warning to users after learning that a Customer.io employee may have sent the list of NFT market users’ email addresses to a third party while working on the platform for handling email newsletters and campaigns.
The problem has an effect on all users who have given the marketplace their email addresses, either for the platform or its newsletter. OpenSea warned consumers about potential phishing efforts after the hack.
On Thursday, the NFT market said that it had spoken to law authorities about the incident and that a probe was ongoing.
OpenSea has been quite vulnerable to breaches and attacks
OpenSea’s recent data leak is far from the first significant attack this year on the marketplace and its subscribers. In May, the popular NFT marketplace’s Discord server was breached, leading to a flurry of phishing attempts. Various users’ wallets were in fact abused.
The platform had one of its most serious attacks to date in January, during which a vulnerability permitted hackers to sell NFTs without authorization. The market covered losses of $1.8 million.
Customer.io rival Hubspot was breached in March, revealing users’ identities, contact information, and email addresses on BlockFi, Swan Bitcoin, NYDIG, and Circle. Names, phone numbers, and email addresses of users of various sites were disclosed to an unauthorized person.
Hackers may try to contact NFT market clients by sending emails from names that resemble OpenSea.io or OpenSea.xyz, according to a warning from the NFT market. Twitter users have noted an upsurge in spam emails, texts, and phone calls.
Inquiring as to whether the outside party received the list of email addresses or whether they also received the list of associated blockchain addresses, renowned cryptocurrency whistleblower Fatman Terra questioned.
An NFT marketplace staff responded by saying that Customer.io did not have access to the user’s wallet address.