Posted On June 30, 2022 Consumer Privacy & Data Breaches
June 30, 2022 – Recently, OpenSea issued a warning to users as well as those who subscribe to the company’s newsletter that an employee at OpenSea’s email delivery vendor, Customer.io, downloaded a file containing email addresses and shared it with an unauthorized party. As a result, OpenSea is advising all potentially affected parties to be on the watch for upcoming phishing emails designed to get victims to provide their personal information.
If you believe that you may have been impacted by the OpenSea breach, it is essential you understand what is at risk. The data breach lawyers at Console & Associates, P.C. are actively investigating the OpenSea data breach on behalf of people whose information was exposed. As a part of this investigation, we are providing free consultations to anyone affected by the breach who is interested in learning more about the risks of identity theft, what they can do to protect themselves, and what their legal options may be to obtain compensation from OpenSea.
According to the company’s news release, OpenSea recently learned that there was what appears to be an intentional leaking of email addresses at Customer.io, a third-party email vendor. Evidently, an employee at Customer.io “misused their employee access to download and share email addresses” with an unauthorized party outside of the organization.
In the wake of the breach, OpenSea advised all users of the platform, as well as anyone who subscribes to the OpenSea newsletter, to be careful of unauthorized emails that appear to come from OpenSea. The company provided several examples of potential domain names from which a phishing email may originate, such as opensea.org, opensae.io, and opensea.xyz. The domain name for OpenSea is opensea.io.
Founded in 2017 in New York, New York, OpenSea is an NFT (non-fungible token) marketplace that allows users to buy and sell NFTs at a fixed price or through an auction format. The company deals in all types of NFTs, including collectibles, gaming items, domain names, digital art, and other items backed by blockchain technology. OpenSea employs more than 200 people and generates approximately $42 million in annual revenue.
At Console & Associates, P.C., our consumer privacy lawyers monitor all security and data breaches to help affected consumers pursue their legal remedies. We offer free consultations to victims of data breaches and can explain your rights in clear, understandable terms so you can make an informed decision about how to proceed with your case. If you’ve been affected by the OpenSea data breach or any other data security incident, Console & Associates, P.C., will investigate your case at no charge and offer you thorough advice about how to most effectively proceed with your case. If you decide to bring a case, we only get paid if you do. If your claim is successful, any legal fees are either paid by the defendant or come out of the funds recovered from the defendant. If your claim doesn’t result in a recovery, you will pay nothing.
Below is a copy of the initial data breach letter issued by OpenSea (the actual notice sent to consumers can be found here):
We recently learned that an employee of Customer.io, our email delivery vendor, misused their employee access to download and share email addresses – provided by OpenSea users and subscribers to our newsletter – with an unauthorized external party. If you have shared your email with OpenSea in the past, you should assume you were impacted. We are working with Customer.io in their ongoing investigation, and we have reported this incident to law enforcement.
Please stay vigilant about your email practices, and be alert for any attempt to impersonate OpenSea via email.
How Can You Protect Yourself?
Because the data compromise included email addresses, there may be a heightened likelihood for email phishing attempts. While safe email practices are always important, we strongly recommend that you follow the guidelines listed below and treat any future emails that appear to be from OpenSea carefully.
Please be aware that malicious actors may try to contact you using an email address that looks visually similar to our official email domain, ‘opensea.io’ (such as ‘opensea.org’ or some other variation).
Please help us keep the community safe by reporting any suspicious communication that appears to be from OpenSea at support.opensea.io.