A data leak could mean OpenSea customers face a spike in phishing messages — and the marketplace is warning users to take extra caution when opening emails.
OpenSea is urging users to remain vigilant after customer email addresses were shared with "an unauthorized external party."
The NFT marketplace says an employee at Customer.io — its email vendor — "misused" employee access to download and share contact details.
OpenSea said it has now reported this incident to law enforcement, with executives indicating that the issue could be widespread:
"If you have shared your email with OpenSea in the past, you should assume you were impacted."
Users have been told to be especially wary of malicious actors who try and impersonate OpenSea via email — with the company warning "there may be a heightened likelihood of email phishing attempts."
While the official domain for this company is OpenSea.io, the firm said suspicious emails may come from website addresses that look similar at first glance, such as opensae.io, opensea.org and opensea.xyz.
The company also stressed that authentic emails "do not include attachments or requests to download anything."
And reminding customers of crucial cybersecurity practices, OpenSea warned users that they should bever share their passwords or secret phrases — or sign a wallet transaction that was triggered by an email.
Some users have already complained that they've suffered a barrage of "spammy texts, phone calls and emails lately."
