
OpenSea user email addresses leaked by rogue employee at third-party vendor

UPDATED OpenSea, the world’s largest non-fungible token (NFT) marketplace, has revealed that a rogue employee at a third-party vendor has shared its users’ email addresses with an unauthorized external entity.

“If you have shared your email with OpenSea in the past, you should assume you were impacted,” users were warned by OpenSea head of security Cory Hardman in a blog post yesterday (June 29).

According to OpenSea, the culprit was employed by Customer.io, an automated messaging platform used by marketers to create and send emails, push notifications, and SMS messages.

“We recently learned that an employee of Customer.io, our email delivery vendor, misused their employee access to download and share email addresses – provided by OpenSea users and subscribers to our newsletter – with an unauthorized external party,” said Hardman.

“We are working with Customer.io in their ongoing investigation, and we have reported this incident to law enforcement.”

Customer.io issued the following statement to The Daily Swig:

As soon as we learned of the incident, we took immediate steps to investigate, contain its impact and determine its source, including hiring a third-party forensic investigations firm. We are working closely with OpenSea and are reviewing exactly how these email addresses were compromised.

We believe this resulted from the actions of an employee who had role-specific access privileges that were abused. We do not believe any other clients’ data has been compromised, but we are continuing to investigate. The employee in question has had all access removed and has been suspended pending the conclusion of our investigation.

Additionally we are always working to improve our security and we have launched a comprehensive review of our access and compliance policies and will make adjustments where necessary.

Phishing warning

Hardman warned users of “a heightened likelihood for email phishing attempts”, and urged them to “be alert for any attempt to impersonate OpenSea” from email addresses that look “visually similar to our official email domain, ‘opensea.io’ (such as ‘opensea.org’ or some other variation).”

Moreover, continued Hardman, users should always scrutinize embedded hyperlinks before clicking, and never download attachments from emails purporting to be from OpenSea, or share passwords or secret wallet phrases, or sign wallet transactions, when prompted via email.

Over on Twitter, security researcher ‘CIA Officer’ advised users to be vigilant about the use of the phishing tool Email Appender, IP-loggers, and canary tokens.

“I strongly recommend checking email header, domain and disable ‘download remote content’, also do not forget about MFA [multi-factor authentication]!” they added.
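The sender-domain check recommended above can be automated on the receiving side. The following Python sketch is an added example, not code from OpenSea, Customer.io or the original report; the function names, the edit-distance threshold of 2 and the sample messages are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

OFFICIAL = "opensea.io"          # official domain named in the article
BRAND = OFFICIAL.split(".")[0]   # "opensea"

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_sender(raw_message):
    """Classify the From: header as matches-official, lookalike or unrelated.

    'matches-official' only means the domain string matches. From: can be
    forged, so SPF/DKIM/DMARC results still have to be checked separately.
    """
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    if domain == OFFICIAL or domain.endswith("." + OFFICIAL):
        return "matches-official"
    # Different domain: any label equal to, containing, or within two
    # edits (assumed threshold) of the brand counts as visually similar.
    for label in domain.split("."):
        if BRAND in label or edit_distance(label, BRAND) <= 2:
            return "lookalike"
    # Brand used in the display name while the sending domain is unrelated.
    if BRAND in name.lower():
        return "lookalike"
    return "unrelated"

# Constructed sample messages for illustration (not real mail).
SAMPLES = {
    "official": "From: OpenSea <noreply@opensea.io>\nSubject: News\n\nbody",
    "other_tld": "From: OpenSea <noreply@opensea.org>\nSubject: Alert\n\nbody",
    "typo": 'From: "OpenSea Support" <help@0pensea.io>\nSubject: Alert\n\nbody',
    "display_name": 'From: "OpenSea Team" <team@mail-service.example>\nSubject: Hi\n\nbody',
    "unrelated": "From: Alice <alice@example.com>\nSubject: Lunch\n\nbody",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(f"{label:13} {classify_sender(raw)}")
```
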

Founded in New York in 2017, OpenSea claims to be the world’s first as well as biggest marketplace focused on NFTs and crypto collectibles.

Source: https://portswigger.net/daily-swig/opensea-user-email-addresses-leaked-by-rogue-employee-at-third-party-vendor
