OpenSea – one of the most popular NFT-centric platforms – has reported a data breach affecting the personally-identifying information (PII) of customers subscribed to the company’s mailing list.
Lax External Security at Fault
The breach was not caused by OpenSea itself, the firm explained. Rather, it was due to an employee of Customer.io, a third-party platform hired by OpenSea to manage social media communications.
This is not the first time Customer Relationship Management (CRMs) platforms have proven to be a chink in the armor for crypto and NFT platforms. As recently as March, a similar CRM – Hubspot – was responsible for a nearly identical data breach affecting Circle, Swan Bitcoin, BlockFi, and NYDIG.
An Uptick in Phishing Attempts Expected
OpenSea resmen açıkladı the breach in a blog post published only a few hours ago. In the statement, the company warned users that the amount of data stolen is suspected to be rather large, advising them to be extra vigilant.
On Twitter, OpenSea customers are already reporting suspicious e-mails, phone calls, and messages directed at them, which are believed to be taking place due to info stolen by the Customer.io employee.
OpenSea ve Müşteri io sayesinde bilgilerim ihlal edildi mi? Lord Jeebus bana yardım et. Son zamanlarda neden bu kadar çok spam metin, telefon görüşmesi ve e-posta aldığımı merak ediyordum. ?
— Metzilmazatl (Ay Geyiği)??️? (@Yükselen3) Haziran 30, 2022
The spokesperson for OpenSea also confirmed that the team has already contacted the relevant legal authorities about the breach. Unlike recent exploits of blockchain-related platforms, this attack is centered on customer data – which, unlike tokens, are heavily protected by governments around the world.
“Geçmişte e-postanızı OpenSea ile paylaştıysanız, etkilendiğinizi varsaymalısınız. Devam eden soruşturmalarında Customer.io ile birlikte çalışıyoruz ve bu olayı kolluk kuvvetlerine bildirdik. Lütfen e-posta uygulamalarınız konusunda dikkatli olun ve e-posta yoluyla OpenSea'nin kimliğine bürünme girişimlerine karşı tetikte olun."
OpenSea has already begun to send out e-mails to addresses confirmed to have been affected, briefly explaining how the breach came about and warning users to be on their guard.
OpenSea veri ihlali. pic.twitter.com/FETDKsoHje
- eric.eth (@econoar) Tarafindan Çekilen En Yeni Fotograflari Incele Haziran 30, 2022
Several anti-phishing best practices are also touched on in the e-mail – along with a reminder that opensea.io is the only legitimate website domain owned by the company. A warning to avoid downloading attachments is also included, reiterating that e-mails from OpenSea do not have attachments as a general rule.
Hyperlinks were also touched on – although OpenSea e-mails may include some, any link prompting a user to sign a wallet transaction should be assumed to be fraudulent.
In closing, OpenSea promises to update users about the situation whenever possible and requests that any phishing attempts be reported to their support team.
Binance Ücretsiz 100$ (Özel): Bu bağlantıyı kullan kayıt olmak ve ilk ay Binance Vadeli İşlemlerinde 100$ ücretsiz ve %10 indirimli ücret almak için (şartlar).
PrimeXBT Özel Teklifi: Bu bağlantıyı kullan Kaydolmak ve depozitolarınızdan 50$'a kadar almak için POTATO7,000 kodunu girmek için.
Source: https://cryptopotato.com/opensea-reports-data-breach-warns-customers-of-possible-phishing-attempts/