OpenSea, the largest marketplace for NFT tokens by volume, has been hit by a data breach after an employee of Customer.io, the platform’s contracted email partner, leaked user data.
In a blog post , the platform said : “A Customer.io employee misused access to download and share email addresses provided by our users and subscribers to our newsletter with an unauthorized third party.
The scale of the security breach appears to be significant. All customers who have shared their email with the platform in the past should assume that they were affected by the breach.
She added that this could increase the potential for phishing email attempts to impersonate OpenSea.
The platform said attackers could try to contact customers via emails from domains similar to OpenSea.io.
More than 1.8 million users have made at least one purchase through the Ethereum network via OpenSea. Some customers took to Twitter to share screenshots showing that OpenSea contacted them via email to inform them of the breach.
The company added that it is assisting Customer.io with its ongoing investigation, and has reported the incident to law enforcement.
Although companies that focus on cryptography usually pay increasing attention to the security aspects of their operations. But this is not the first time that companies operating in this field have been exposed to a major data leak.
Crypto startups are emerging as a target for cyber attacks as the industry experiences explosive growth and money inflows.
Blockchain-based decentralized networks promise better security. But regular users tend towards centralized services like OpenSea.
OpenSea suffers massive email data breach
A data breach at HubSpot, a customer relationship management software company, in March resulted in hackers stealing customer data from Circle, BlockFi, Pantera Capital, NYDIG and other prominent crypto firms.
“Information that may have been accessed includes first and last name, email addresses, postal addresses, phone numbers and organizational ratings,” Pantera Capital said at the time.
Last month OpenSea also saw its server within Discord hacked and inundated with phishing ads promoting an NFT minting scam.
In January, the NFT platform also fell victim to one of the most impactful attacks to date. The hackers used the loophole to buy several NFTs at a price well below their market value.
OpenSea, the popular NFT marketplace that had a valuation of $13 billion in January, subsequently paid about $1.8 million to users who mistakenly sold NFT, with the rollout of the inactive lists feature.
These platforms are growing at a rapid rate. It is also subject to similar security risks to services that use centralized cloud services rather than technologies like blockchain that are believed to be better at preventing cyber attacks.