On June 29, OpenSea, the world’s largest NFT marketplace, announced in a blog post that it had suffered a major data breach.

The company, which is a peer-to-peer marketplace for crypto collectibles and non-fungible tokens, stated that the breach happened after an employee of its email vendor, Customer.io, used their employee access to download OpenSea users’ email addresses and shared them with an unauthorized external third party.

The data breach comes just a few months after the company refunded $1.8 million to its users after people exploited a loophole that allowed them to purchase valuable NFTs at well below their market value.

OpenSea data breach — do you need to be worried?        

OpenSea, along with Customer.io, is currently investigating the incident, which has already been reported to law enforcement. However, the company did advise that anyone who has ever shared their email address with OpenSea should assume they’ve been impacted by the breach and be on the alert for email scams.

OpenSea has also been informing its users about the breach through email.

OpenSea’s safety recommendations

The company shared some excellent safety tips for those affected to follow (source: OpenSea):

1. Be cautious of phishing emails from addresses trying to impersonate OpenSea. OpenSea will ONLY send you emails from the domain: ‘opensea.io.’ Please do not engage with any email claiming to be from OpenSea that does not come from this email domain. 
2. Never download anything from an OpenSea email. Authentic OpenSea emails do not include attachments or requests to download anything. 
3. Check the URL of any page linked in an OpenSea email. We will only include hyperlinks to ‘email.opensea.io.’ URLs. Make sure that ‘opensea.io’ is spelled correctly, as it’s common for malicious actors to impersonate URLs by shuffling letters. 
4. NEVER share or confirm your passwords or secret wallet phrases. OpenSea will never prompt you to do this – in any format.
5. NEVER sign a wallet transaction prompted directly from an email. OpenSea emails will never contain links which directly prompt you to sign a wallet transaction. Never sign a wallet transaction that doesn’t list the origin of https://opensea.io if you were led there by email.

Free protection against phishing emails

Trend Micro Check — our 100% FREE browser extension and mobile app — can protect you against phishing emails, malicious websites, and lots more! If you come across something dangerous online, you’ll be alerted in real time so you’ll know to stay well clear.

So, what are you waiting for? Download Trend Micro Check for FREE today!