ОпенСеа пријављује кршење података, упозорава купце на могуће покушаје пхисхинг-а

OpenSea – one of the most popular NFT-centric platforms – has reported a data breach affecting the personally-identifying information (PII) of customers subscribed to the company’s mailing list.

Lax External Security at Fault

The breach was not caused by OpenSea itself, the firm explained. Rather, it was due to an employee of Customer.io, a third-party platform hired by OpenSea to manage social media communications.

This is not the first time Customer Relationship Management (CRMs) platforms have proven to be a chink in the armor for crypto and NFT platforms. As recently as March, a similar CRM – Hubspot – was responsible for a nearly identical data breach affecting Circle, Swan Bitcoin, BlockFi, and NYDIG.

An Uptick in Phishing Attempts Expected

OpenSea officially најавила the breach in a blog post published only a few hours ago. In the statement, the company warned users that the amount of data stolen is suspected to be rather large, advising them to be extra vigilant.

On Twitter, OpenSea customers are already reporting suspicious e-mails, phone calls, and messages directed at them, which are believed to be taking place due to info stolen by the Customer.io employee.

Моје информације су проваљене захваљујући ОпенСеа и Цустомер ио-у? Лорд Јеебус, помози ми. Питао сам се зашто у последње време имам толико нежељених порука, телефонских позива и мејлова. ?

— Метзилмазатл (Моон Деер)??‍? (@ТхеАсцендант3) Јун 30, 2022

The spokesperson for OpenSea also confirmed that the team has already contacted the relevant legal authorities about the breach. Unlike recent exploits of blockchain-related platforms, this attack is centered on customer data – which, unlike tokens, are heavily protected by governments around the world.

„Ако сте у прошлости делили своју е-пошту са ОпенСеа-ом, претпоставите да сте били погођени. Радимо са Цустомер.ио у њиховој текућој истрази и пријавили смо овај инцидент полицији. Будите опрезни у вези са својим поступцима е-поште и будите опрезни у случају било каквог покушаја лажног представљања ОпенСеа путем е-поште.”

OpenSea has already begun to send out e-mails to addresses confirmed to have been affected, briefly explaining how the breach came about and warning users to be on their guard.

Кршење података ОпенСеа. пиц.твиттер.цом/ФЕтДКсоХје

- ериц.етх (@ецоноар) Јун 30, 2022

Several anti-phishing best practices are also touched on in the e-mail – along with a reminder that opensea.io is the only legitimate website domain owned by the company. A warning to avoid downloading attachments is also included, reiterating that e-mails from OpenSea do not have attachments as a general rule.

Hyperlinks were also touched on – although OpenSea e-mails may include some, any link prompting a user to sign a wallet transaction should be assumed to be fraudulent.

In closing, OpenSea promises to update users about the situation whenever possible and requests that any phishing attempts be reported to their support team.