Over 7 million email addresses compromised during the breach have recently been fully exposed online. This has raised concerns, with a SlowMist executive warning that scammers now have access to a new treasure trove of information.

SlowMist Chief Information Security Officer “23pds”: “Do you remember the 2022 attack on OpenSea’s email service provider that led to the leak of email addresses? These leaked emails are now fully public.”

23pds explained that the attack occurred in June 2022 but noted that the data had not been publicly accessible until recently. They highlighted that this makes it possible for “all groups of attackers to use this information for phishing and scamming.”

“This information was not publicly available before. However, now all the leaked data is entirely public and accessible to anyone who wants it.”

23pds further noted, “The amount of leaked data has reached 7 million. This includes email information of many prominent figures, companies, and key opinion leaders (KOLs) in the industry, as well as a significant number of overseas cryptocurrency professionals.”

Related tweet:

One of the world’s largest NFT (non-fungible token) marketplaces, OpenSea, warned its customers of a data leak on June 29, 2022, after discovering that an employee of the email automation platform Customer.io had leaked OpenSea customer email lists to a third party.

“If you have shared your email with OpenSea in the past, you should assume you were impacted. We are working with Customer.io in their ongoing investigation, and we have reported this incident to law enforcement,” it said.

Preventing Phishing Scams

23pds advised those who believe their email was leaked to create strong and unique passwords and use a password manager to store them securely.

They also recommended using two-factor authentication (2FA) wherever possible and preferred an authenticator app over SMS-based 2FA. Keeping device software up to date was also emphasized as an important security measure.

According to CertiK, phishing scams were one of the most significant security threats of 2024, with attackers making off with over $1 billion of digital assets from 296 incidents during the year.

“Phishing was the most costly attack vector last year,” said CertiK. “Our figures are conservative; the actual number is higher when considering unreported incidents and other types of phishing scams like pig butchering.”

The post Leaked OpenSea User Emails Now Publicly Available appeared first on Coin Engineer.