Opensea, the largest NFT market, warns that its users’ emails may have been stolen
If you have an Opensea account, surely your email has been extracted without permission and sent to third parties, so spam actions and various deceptions are expected in the coming months.
This is how opensea is informing its users in an email, where they indicate the cause of the problem:
[…] An employee of our email provider, Customer.io, misused their access to the systems to download and share email addresses with an unauthorized third party. Affected email addresses include those provided by OpenSea users and our newsletter subscribers.
Affected users are already being notified with some security recommendations so that they do not fall for possible tricks related to the NFT world:
– Beware of phishing emails from addresses trying to impersonate OpenSea. OpenSea will ONLY send you emails from the domain: ‘opensea.io’. Do not engage with any email claiming to be from OpenSea that does not come from this email domain.
– Never download anything from an email from OpenSea. Authentic OpenSea emails do not include attachments or requests to download anything.
– Check the URL of any linked page in an email from OpenSea. They will only include hyperlinks to ’email.opensea.io’ URLs. Make sure “opensea.io” is spelled correctly, as it is common for malicious actors to masquerade as URLs by mixing letters.
– Never share or confirm your wallet passwords or passphrases. OpenSea will never ask you to do this, in any format.
– Never sign a requested wallet transaction directly from an email. Emails from OpenSea will never contain links that directly ask you to sign for a wallet transaction. Never sign a wallet transaction that does not indicate the origin of https://opensea.io if you were directed there by email.
At the moment they have already reported the incident to the authorities, but the damage has already been done. Let’s hope no one falls for the future traps and opensea accounts stay safe.