OpenSea Data Breach Exposes Users' Emails — How Users Can Protect Themselves

Data breaches have become a common theme in the blockchain space, and OpenSea isn't an exception. The global NFT marketplace fell victim to an email data breach.

Here's what we know about the data breach, who was impacted, and what users can do to protect themselves. OpenSea isn't the first exchange to experience a data breach and it definitely won't be the last either.

In a report published by the NFT marketplace on June 29, users of the platform had their email addresses exposed. Customer.io, OpenSea’s email delivery vendor, had an employee that used their employee access to download and share email addresses to an “unauthorized external party.” It isn't known who the unauthorized party is, but it’s possible that it could have been a malicious entity that can misuse the list of email addresses.

The company didn’t give a specific number on how many email addresses were impacted, but it said that if you’ve shared your email with OpenSea before, such as subscribing to their newsletters or making an account on their platform, assume that your email address was compromised. Fortunately, it seems that those addresses were the only type of sensitive information exposed to the unauthorized external party.

Customer.io is a popular marketing automation platform among corporate businesses that offers marketing software for emails, in-app notifications, and SMS messages. There haven't been any updates if the employee that exposed the email was fired or will face criminal charges.

Hubspot is a similar platform that was hacked in March, causing corporate partners such as Circle, BlockFi, NYDIG, and Swan Bitcoin to have their users' personal information compromised. Names, phone numbers, and email addresses were exposed to an external party, similar to OpenSea’s data breach.

Companies in the blockchain space have been prime targets for scams and their users. Crypto data platform CoinMarketCap had a data breach of its own, where an estimated 3.1 million users had their email addresses leaked to a hacker. Some of those email addresses were then traded on hacking forums for sale — a common way for scammers to make money off of personal information of that magnitude.

Every major company goes through hack attempts, but with the crypto and NFT industry still being so new, these startups may not have the best security infrastructure built yet, making them an easy target. The platforms also get targeted because their users are still very new to the blockchain space. It's easier to fall victim to scams if you don’t understand what’s real or fake, or even understand the concept of purchasing crypto and NFTs in the first place.

Whether you had an email address associated with OpenSea or not, beware of email phishing attempts. Make sure that if you receive a suspicious email, ensure that it’s from the company you expect it to be from. In OpenSea’s case, its website is OpenSea.io or OpenSea.com, not opensea.org. So, make sure that you look at the sender’s email address and don’t download attachments associated with the email, as it could contain malware.