Major NFT marketplace OpenSea warned their users that their emails have most likely been leaked and reminded them of 5 recommendations on how to protect yourself from email phishing attempts.
“We recently learned that an employee of Customer.io, our email delivery vendor, misused their employee access to download and share email addresses – provided by OpenSea users and subscribers to our newsletter – with an unauthorized external party,” the company said, adding that they have reported this incident to law enforcement.
Because the data compromise included email addresses, there may be a heightened likelihood of email phishing attempts, the firm said, urging their users to “treat any future emails that appear to be from OpenSea carefully.”
The marketplace offered 5 safety recommendations:
- “Be cautious of phishing emails from addresses trying to impersonate OpenSea. OpenSea will ONLY send you emails from the domain: ‘opensea.io.’ Please do not engage with any email claiming to be from OpenSea that does not come from this email domain.
- Never download anything from an OpenSea email. Authentic OpenSea emails do not include attachments or requests to download anything.
- Check the URL of any page linked in an OpenSea email. We will only include hyperlinks to ‘email.opensea.io.’ URLs. Make sure that ‘opensea.io’ is spelled correctly, as it’s common for malicious actors to impersonate URLs by shuffling letters.
- NEVER share or confirm your passwords or secret wallet phrases. OpenSea will never prompt you to do this – in any format.
- NEVER sign a wallet transaction prompted directly from an email. OpenSea emails will never contain links which directly prompt you to sign a wallet transaction. Never sign a wallet transaction that doesn’t list the origin of https://opensea.io if you were led there by email.”