Now OpenSea faces email data breach; here's how it is affecting users

OpenSea, the world's largest NFT marketplace has been warning users of email phishing after a data breach.

The NFT marketplace announced late Wednesday that a staff member at Customer.io, an email vendor contracted by OpenSea, abused their employee access to download and distribute the email addresses of OpenSea's users and newsletter subscribers with an unauthorised external entity.

The scope of the security breach seems to be enormous. "If you have previously given your email with OpenSea, you should presume you were impacted," the NFT marketplace said, adding that it is cooperating with Customer.io in an active investigation and has notified law police.

According to Dune Analytics, an open-source crypto analytics platform, more than 1.8 million customers have made at least one purchase on OpenSea using the Ethereum network.

As the cryptocurrency sector grows and money pours in, it has become a target for cyber-attacks. Although blockchain-based, decentralised networks offer improved security, most users today prefer centralised platforms like OpenSea for ease.

In March, for example, a data breach at HubSpot, a customer relations management software company, resulted in data breaches at BlockFi, Circle, and others. Fractal, an NFT platform founded by Twitch co-founder Justin Kan, had a bumpy start in December after a scammer stole $150,000 from the announcement bot.

The $625 million theft from Ronin, a blockchain network linked to the play-to-earn game Axie Infinity, was one of the largest crypto heists to date. Moreover, the Harmony network was exploited for $100 million last week.

Rising at a dizzying pace, these networks face similar, if not larger, security vulnerabilities than existing web services that rely on centralised cloud services — instead of distributed ledger technologies like blockchain, which are thought to be more effective at thwarting assaults.