OpenSea, the largest non-fungible token (NFT) marketplace, disclosed a data breach on Wednesday and warned users of phishing attacks that could target them in the coming days.
The online NFT marketplace says it has more than 600,000 users and a transaction volume that surpassed $20 billion.
The company’s Head of Security, Cory Hardman, said that an employee of Customer.io, the platform’s email delivery vendor, downloaded email addresses belonging to OpenSea users and newsletter subscribers.
Since the email addresses stolen in the incident were also shared with an unauthorized external party, Hardman urged potentially affected users to be alert for phishing attempts impersonating OpenSea.
“If you have shared your email with OpenSea in the past, you should assume you were impacted. We are working with Customer.io in their ongoing investigation, and we have reported this incident to law enforcement,” Hardman said.
“Because the data compromise included email addresses, there may be a heightened likelihood for email phishing attempts.”
Users were also told to look for emails sent from domains that malicious actors could use to spoof OpenSea’s official email domain opensea.io.
Examples of domains that could be utilized in phishing attacks targeting OpenSea users include opensea.org, opensea.xyz, and opeansae.io.
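The check described above can be automated on a mail gateway or in a triage script. The following is an added example, not code from OpenSea or the original article: it labels a From header's domain against the official domain, using an edit distance that counts adjacent swaps so that opeansae.io (one extra letter plus one swap) is caught. The sample local parts, the `example.*` domains, the `embedded-brand` category and the distance threshold of 2 are assumptions made for illustration.

```python
from email.utils import parseaddr

OFFICIAL = "opensea.io"  # official email domain named in the article


def osa_distance(a: str, b: str) -> int:
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    d = [[max(i, j) if 0 in (i, j) else 0 for j in range(len(b) + 1)]
         for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            d[i][j] = min(d[i - 1][j] + 1,                           # delete
                          d[i][j - 1] + 1,                           # insert
                          d[i - 1][j - 1] + (a[i - 1] != b[j - 1]))  # substitute
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)          # adjacent swap
    return d[-1][-1]


def classify_sender(from_header: str, official: str = OFFICIAL, max_dist: int = 2) -> str:
    """Label a From header: official, tld-swap, typosquat, embedded-brand, unrelated."""
    _, at, domain = parseaddr(from_header)[1].rpartition("@")
    domain = domain.lower().rstrip(".")
    if not at or "." not in domain:
        return "unparseable"
    # Assumption: subdomains of the official domain are legitimate senders.
    if domain == official or domain.endswith("." + official):
        return "official"
    brand, official_tld = official.split(".")
    # Simplification: the last two labels stand in for the registrable domain
    # (no Public Suffix List, so names under e.g. co.uk are not handled).
    name, tld = domain.split(".")[-2:]
    if name == brand and tld != official_tld:
        return "tld-swap"        # e.g. opensea.org, opensea.xyz
    if osa_distance(name, brand) <= max_dist:
        return "typosquat"       # e.g. opeansae.io
    if brand in domain:
        return "embedded-brand"  # brand used as a subdomain or inside a longer name
    return "unrelated"


# Constructed sample headers; the lookalike domains are the ones the article lists.
SAMPLES = ["OpenSea <noreply@opensea.io>", "support@opensea.org", "team@opensea.xyz",
           "security@opeansae.io", "alerts@opensea.io.example.net", "friend@example.com"]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{classify_sender(header):15} {header}")
```

A result of `official` only describes the string in the header; whether the message really came from that domain is decided by the SPF, DKIM and DMARC results for the message.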
Hardman also shared a set of safety recommendations to help users defend against phishing attempts, advising them to be suspicious of any emails trying to impersonate OpenSea, not to download and open email attachments, and to check the URLs of pages linked in OpenSea emails.
Users are also urged never to share or confirm their passwords or secret wallet phrases and never to sign wallet transactions if prompted directly via email.
“We wanted to share the information we have at this time, and let you know that we’ve reported the incident to law enforcement and are cooperating in their investigation,” Hardman added.
In the past, OpenSea users have been targeted by threat actors posing as support staff and by a phishing attack that left more than a dozen users without hundreds of NFTs worth roughly $2 million.
In September, OpenSea also closed a bug that could let attackers empty OpenSea account owners’ cryptocurrency wallets by luring them to click on malicious NFT art.
With thanks to BleepingComputer. The full story is here: https://www.bleepingcomputer.com/news/security/opensea-discloses-data-breach-warns-users-of-phishing-attacks/