"OpenSea NFT Marketplace Faces Insider Hack"
OpenSea, the largest nonfungible token (NFT) marketplace with nearly 2 million users, revealed that an employee of one of its email vendors, Customer.io, gained access to and downloaded the company's email list. It also stated that anyone who has previously shared their email address with the platform should assume they are affected. Users are asked to be on the lookout for malicious actors trying to contact them using an email address that looks similar to the company's official email domain, 'opensea.io.' According to Paul Laudanski, head of threat intelligence at the email security firm Tessian, insider abuse is inherently difficult to spot. It is more difficult to detect when the individual is an authorized user. Therefore, he advises all organizations to investigate third-party risk management protocols and to be aware of how and where data is stored. Given that the OpenSea email list is a potentially lucrative dataset for cybercriminals, the intrusion was most likely financially motivated. The millions of customer email addresses will attract threat actors looking to perform widespread phishing attacks. Karl Steinkamp, director at Coalfire, warns that attackers may also utilize the email list to steal NFTs from unsuspecting OpenSea customers. This article continues to discuss the potential impact of the insider hack faced by the OpenSea NFT marketplace.
Dark Reading reports "OpenSea NFT Marketplace Faces Insider Hack"