Millions of OpenSea user emails leaked in 2022 now fully public: SlowMist

As a researcher, I’m sharing some concerning news: Over seven million email addresses exposed in an OpenSea email vendor leak from 2022 have now been made widely available online. This revelation serves as a fresh trove of information for scammers, according to a SlowMist executive, who urges caution.

In a recent post on January 13th, SlowMist’s CISO, “23pds,” pointed to the 2022 data breach at OpenSea’s email service provider, which resulted in the exposure of emails. It appears that these leaked email addresses have since been disseminated several times and are now fully exposed to the public.

23pds told CryptoMoon that even though the cyber-attack took place in June 2022, the details had only just become available. This means that any potential attacker could use this information for phishing schemes or fraudulent activities.

“Previously, it was not made public. Now all the leaked data has been made public in its entirety and is available to anyone who wants it.”

As an analyst, I recently received a screenshot from 23pds, showcasing a Telegram message containing an attachment titled “opensea.io_mail_list.rar.” This file supposedly contains approximately 7 million entries.

23pds stated on X that the leaked data totalled approximately 7 million records, including a significant volume of email details belonging to overseas cryptocurrency professionals, among them numerous influential individuals, companies, and key opinion leaders (KOLs).

On June 29, 2022, one of the world’s biggest NFT marketplaces, OpenSea, informed its users about a data breach. This occurred as a result of an employee at Customer.io, their email automation service, inadvertently leaking a list of OpenSea customer emails to an external entity.

“If you’ve previously provided your email to OpenSea, consider yourself possibly affected. We’re collaborating with Customer.io during their current probe, and we’ve already notified relevant law enforcement about this event,” OpenSea said at the time.

Preventing phishing scams 

23pds recommends that anyone who suspects their email was leaked set strong, unique passwords and store them safely in a reliable password manager.

He also suggests enabling two-factor authentication (2FA) wherever feasible, preferably with an authenticator app rather than SMS, and always keeping device software up to date.

Phishing scams were a major security concern in 2024, with cybercriminals stealing approximately $1 billion worth of digital assets across 296 separate incidents, as reported by CertiK.

Last year, phishing was the most expensive method used in cyber attacks, according to a representative from CertiK. However, it’s important to note that our estimates might be understated since they don’t account for unreported incidents and other forms of phishing such as pig butchering.

2025-01-13 07:16