OpenSea Data Breach – First They Steal, Then They Pish

Recently, we’ve been hearing about data breaches almost every day. Threat actors any kind of company all over the world, be it big or small. What’s worse is that with information gathered, the attackers can inflict further damage, especially if the stolen data belongs to customers. Unfortunately, that’s the case now with OpenSea as it suffered a huge data breach.

The company is one of the largest non-fungible token (NFT) marketplace. Well, it does have more than 600,000 users and 20+ billion dollars in transaction volume.

OpenSea went through similar predicaments in the past, but this time it’s a bit different. The information can be used in all sorts of malicious activities, including phishing attacks. What happens next? What are the attackers after? Here’s everything you need to know.

SeaOpen Data Breach – It Doesn’t Stop There

Attacks that result in breaches are pretty common nowadays. Even the biggest companies such as Lockheed Martin suffered a breach a while ago. What’s more common are phishing attacks as studies show that 84% of all cyber attacks were distributed via e-mail in 2021.

OpenSea stated that, on Wednesday, the company suffered a huge data breach as a result of an employee’s malicious activities. According to The company’s Head Of Security, Cory Hardman, this employee works for Customer.io, which is OpenSea’s email delivery vendor.

The person downloaded email addresses that belong to customers that are registered with the company. Yeah, the employee didn’t stop there. Once he obtained the data, he shared it with an unauthorized external party.

Aside from announcing the breach, the company is urging its customers to watch out for phishing attempts impersonating it.

“If you have shared your email with OpenSea in the past, you should assume you were impacted.

We are working with Customer.io in their ongoing investigation, and we have reported this incident to law enforcement.

Because the data compromise included email addresses, there may be a heightened likelihood for email phishing attempts.“

In other words, if anyone receives an email from OpenSea, make sure it’s the actual company before making any move.

They should always look out for shady domains that may resemble the official OpenSea website. These include opensea.org, opensea.xyz, and opeansae.io.

Aside from that, make sure to never share or confirm your passwords with anyone. Not to mention sign wallet transactions via email. You can do so manually.

And finally, this is novice phishing attack information, never open anything in the email. Don’t click on links, don’t download any attachments, nothing.

If you want to check the legitimacy of the email, contact OpenSea by visiting its official website. Other than that, just look the other way.

An Open Sea of Phishing Opportunities

OpenSea has had its fair share of cyber attacks in the past. Now, with this one, things got a bit bigger as it impacts the company’s customers as well.

The platform stated that it’s working with law enforcement and are cooperating in their investigation. Let’s hope they settle and fix everything soon. Phishing attacks are increasing day by day, and you can avoid them with ease. Stay safe.