This time, one of the largest nonfungible token (NFT) marketplace experienced an insider related data leak. OpenSea company’s email list, which includes email addresses of users and subscribers to newsletter, was illegally accessed and downloaded by an employee of Customer.io, one of OpenSea’s email vendors.
It seems that the attack’s aim is to gain financial benefit. The stolen database may be used in targeted phishing attacks. Thus, anyone, who has ever shared email with the OpenSea, may be affected in the future. The overall number of OpenSea’s users is close to 2,000,000.
The company’s officials provided recommendation for protection against intruders’ malicious actions and they stated that “malicious actors may try to contact you using an email address that looks visually similar to our official email domain, ‘opensea.io’ (such as ‘opensea.org’ or some other variation)”. As company representatives told the victims, that they had already reported to law enforcement and cooperating in the investigation process.
This attack shouldn’t be neglected by NFT market actors, and by any other organization as well. This incident is just another “reminder” that insider related risk is an everlasting threat for any kind of commercial and non-commercial organizations.
In terms of practical recommendation for any kind of organizations in such circumstances, we can suggest the following. First, try to stay up-to-date, learn about new information security threats and educate employees on the topic of information security. Try to implement complex approach to security. However, it’s impossible to cope with all threats without assistance of specific InfoSec software. You must be aware of your data assets – make sure that they are kept appropriately, in compliance with safety policies, set in the organization. Distinguish accesses in order to prohibit access to crucial and confidential data for third-party users. These tasks may be solved with the help of DCAP solution. SIEM system will help to protect log information against tampering and unauthorized access. DLP system will help to block the process of illegal confidential data transmitting.
SearchInform uses four types of cookies as described below. You can decide which categories of cookies you wish to accept to improve your experience on our website. To learn more about the cookies we use on our site, please read our Cookie Policy.
Always active. These cookies are essential to our website working effectively.
Cookies does not collect personal information. You can disable the cookie files
record
on the Internet Settings tab in your browser.
These cookies allow SearchInform to provide enhanced functionality and personalization, such as remembering the language you choose to interact with the website.
These cookies enable SearchInform to understand what information is the most valuable to you, so we can improve our services and website.
These cookies are created by other resources to allow our website to embed content from other websites, for example, images, ads, and text.
Please enable Functional Cookies
You have disabled the Functional Cookies.
To complete the form and get in touch with us, you need to enable Functional Cookies.
Otherwise the form cannot be sent to us.
Subscribe to our newsletter and receive a bright and useful tutorial Explaining Information Security in 4 steps!
Subscribe to our newsletter and receive case studies in comics!