$100 Million awarded Since 1994 6,000 Satisfied Clients

Posted On June 30, 2022 Consumer Privacy & Data Breaches

Data Breach Alert: OpenSea

NOTICE: If you received a NOTICE OF DATA BREACH letter from OpenSea, contact the attorneys at Console & Associates at (866) 778-5500 to discuss your legal options, or submit a confidential Case Evaluation form here.

Data Breach AlertJune 30, 2022 – Recently, OpenSea issued a warning to users as well as those who subscribe to the company’s newsletter that an employee at OpenSea’s email delivery vendor, Customer.io, downloaded a file containing email addresses and shared it with an unauthorized party. As a result, OpenSea is advising all potentially affected parties to be on the watch for upcoming phishing emails designed to get victims to provide their personal information.

If you believe that you may have been impacted by the OpenSea breach, it is essential you understand what is at risk. The data breach lawyers at Console & Associates, P.C. are actively investigating the OpenSea data breach on behalf of people whose information was exposed. As a part of this investigation, we are providing free consultations to anyone affected by the breach who is interested in learning more about the risks of identity theft, what they can do to protect themselves, and what their legal options may be to obtain compensation from OpenSea.

What We Know So Far About the OpenSea Breach

According to the company’s news release, OpenSea recently learned that there was what appears to be an intentional leaking of email addresses at Customer.io, a third-party email vendor. Evidently, an employee at Customer.io “misused their employee access to download and share email addresses” with an unauthorized party outside of the organization.

In the wake of the breach, OpenSea advised all users of the platform, as well as anyone who subscribes to the OpenSea newsletter, to be careful of unauthorized emails that appear to come from OpenSea. The company provided several examples of potential domain names from which a phishing email may originate, such as opensea.org, opensae.io, and opensea.xyz. The domain name for OpenSea is opensea.io.

More Information About OpenSea

Founded in 2017 in New York, New York, OpenSea is an NFT (non-fungible token) marketplace that allows users to buy and sell NFTs at a fixed price or through an auction format. The company deals in all types of NFTs, including collectibles, gaming items, domain names, digital art, and other items backed by blockchain technology. OpenSea employs more than 200 people and generates approximately $42 million in annual revenue.

If You Have Questions About Your Rights Following the OpenSea Data Breach, Console & Associates, P.C. Can Help

At Console & Associates, P.C., our consumer privacy lawyers monitor all security and data breaches to help affected consumers pursue their legal remedies. We offer free consultations to victims of data breaches and can explain your rights in clear, understandable terms so you can make an informed decision about how to proceed with your case. If you’ve been affected by the OpenSea data breach or any other data security incident, Console & Associates, P.C., will investigate your case at no charge and offer you thorough advice about how to most effectively proceed with your case. If you decide to bring a case, we only get paid if you do. If your claim is successful, any legal fees are either paid by the defendant or come out of the funds recovered from the defendant. If your claim doesn’t result in a recovery, you will pay nothing.

To schedule your free consultation, just call (866) 778-5500 today or fill out our secure contact form.

Below is a copy of the initial data breach letter issued by OpenSea (the actual notice sent to consumers can be found here):

Dear [Redacted],

We recently learned that an employee of Customer.io, our email delivery vendor, misused their employee access to download and share email addresses – provided by OpenSea users and subscribers to our newsletter – with an unauthorized external party. If you have shared your email with OpenSea in the past, you should assume you were impacted. We are working with Customer.io in their ongoing investigation, and we have reported this incident to law enforcement.

Please stay vigilant about your email practices, and be alert for any attempt to impersonate OpenSea via email.

How Can You Protect Yourself?

Because the data compromise included email addresses, there may be a heightened likelihood for email phishing attempts. While safe email practices are always important, we strongly recommend that you follow the guidelines listed below and treat any future emails that appear to be from OpenSea carefully.

Please be aware that malicious actors may try to contact you using an email address that looks visually similar to our official email domain, ‘opensea.io’ (such as ‘opensea.org’ or some other variation).

Safety Recommendations:

    1. Be cautious of phishing emails from addresses trying to impersonate OpenSea. OpenSea will ONLY send you emails from the domain: ‘opensea.io.’ Please do not engage with any email claiming to be from OpenSea that does not come from this email domain.
    2. Never download anything from an OpenSea email. Authentic OpenSea emails do not include attachments or requests to download anything.
    3. Check the URL of any page linked in an OpenSea email. We will only include hyperlinks to ‘email.opensea.io.’ URLs. Make sure that ‘opensea.io’ is spelled correctly, as it’s common for malicious actors to impersonate URLs by shuffling letters.
    4. NEVER share or confirm your passwords or secret wallet phrases. OpenSea will never prompt you to do this – in any format.
    5. NEVER sign a wallet transaction prompted directly from an email. OpenSea emails will never contain links which directly prompt you to sign a wallet transaction. Never sign a wallet transaction that doesn’t list the origin of https://opensea.io if you were led there by email.
    6. Your trust and safety is a top priority. We wanted to share the information we have at this time, and let you know that we’ve reported the incident to law enforcement and are cooperating in their investigation.

Please help us keep the community safe by reporting any suspicious communication that appears to be from OpenSea at support.opensea.io.

NOTICE: If you received a NOTICE OF DATA BREACH letter from OpenSea, contact the attorneys at Console & Associates at (866) 778-5500 to discuss your legal options, or submit a confidential Case Evaluation form here.