OpenSea известува за прекршување на податоците, ги предупредува клиентите за можни обиди за фишинг

OpenSea – one of the most popular NFT-centric platforms – has reported a data breach affecting the personally-identifying information (PII) of customers subscribed to the company’s mailing list.

Lax External Security at Fault

The breach was not caused by OpenSea itself, the firm explained. Rather, it was due to an employee of Customer.io, a third-party platform hired by OpenSea to manage social media communications.

This is not the first time Customer Relationship Management (CRMs) platforms have proven to be a chink in the armor for crypto and NFT platforms. As recently as March, a similar CRM – Hubspot – was responsible for a nearly identical data breach affecting Circle, Swan Bitcoin, BlockFi, and NYDIG.

An Uptick in Phishing Attempts Expected

OpenSea officially објави the breach in a blog post published only a few hours ago. In the statement, the company warned users that the amount of data stolen is suspected to be rather large, advising them to be extra vigilant.

On Twitter, OpenSea customers are already reporting suspicious e-mails, phone calls, and messages directed at them, which are believed to be taking place due to info stolen by the Customer.io employee.

Моите информации беа пробиени благодарение на OpenSea и Customer io ? Господ Џибус помогни ми. Се прашував зошто имав толку многу спам пораки, телефонски повици и е-пошта во последно време. ?

- Мецилмазатл (Месечев елен)??️‍? (@TheAscendant3) Јуни 30, 2022

The spokesperson for OpenSea also confirmed that the team has already contacted the relevant legal authorities about the breach. Unlike recent exploits of blockchain-related platforms, this attack is centered on customer data – which, unlike tokens, are heavily protected by governments around the world.

„Ако сте ја споделиле вашата е-пошта со OpenSea во минатото, треба да претпоставите дека сте биле погодени. Работиме со Customer.io во нивната тековна истрага и го пријавивме овој инцидент до органите на прогонот. Ве молиме бидете внимателни за вашите практики за е-пошта и бидете внимателни за секој обид да се имитирате на OpenSea преку е-пошта“.

OpenSea has already begun to send out e-mails to addresses confirmed to have been affected, briefly explaining how the breach came about and warning users to be on their guard.

Прекршување на податоците на OpenSea. pic.twitter.com/FEtDKsoHje

- eric.eth (@econoar) Јуни 30, 2022

Several anti-phishing best practices are also touched on in the e-mail – along with a reminder that opensea.io is the only legitimate website domain owned by the company. A warning to avoid downloading attachments is also included, reiterating that e-mails from OpenSea do not have attachments as a general rule.

Hyperlinks were also touched on – although OpenSea e-mails may include some, any link prompting a user to sign a wallet transaction should be assumed to be fraudulent.

In closing, OpenSea promises to update users about the situation whenever possible and requests that any phishing attempts be reported to their support team.