Important update to email vendor security facts

We recently learned that an employee of Customer.io, our email delivery vendor, with an unauthorized external party – has misused their employee access to download and share email addresses provided by OpenSea users and our newsletter subscribers. If you have shared your email with OpenSea in the past, you should feel that you have been affected. We are working with Customer.io on their ongoing investigation, and we have reported this incident to law enforcement.

Please be aware of your email practice, and beware of any attempts to disguise OpenSea via email.

How can you protect yourself?

Since the data app includes email addresses, there is a high probability of email phishing attempts. While secure email practices are always important, we strongly recommend that you follow the guidelines listed below and treat future emails from OpenSea with caution.

Please be aware that malicious actors may try to contact you using an email address that visually matches our official email domain, ‘opensea.io’ (such as ‘opensea.org’ or some other variation).

Example of phishing address:

Safety recommendations:

1. Beware of phishing emails from addresses trying to disguise OpenSea. OpenSea will only send you emails from the domain: ‘opensea.io.’ Please do not engage in any email that claims to be from OpenSea that does not come from this email domain.
2. Do not download anything from an OpenSea email. Authentic OpenSea does not include email attachments or requests to download anything.
3. Check the URL of any page linked in the OpenSea email. We will only include hyperlinks to ’email.opensea.io’. URL Make sure the spelling ‘opensea.io’ is spelled correctly, as malicious actors disguise the URL by changing the characters.
4. Never share or confirm your password or secret wallet phrase. OpenSea will never ask you to do this – in any format.
5. Do not sign a wallet transaction requested directly from an email OpenSea emails will never contain a link that prompts you to sign a wallet transaction directly. Do not sign a wallet transaction that does not list the origin of https: //opensea.io if you are managed by email there.

Your trust and safety is a top priority. We want to share the information we have at this time, and let you know that we have reported the incident to law enforcement and are cooperating with their investigation.

Please help keep the community safe by reporting suspicious contacts from OpenSea to support.opensea.io.

Important updates to post email vendor security facts first appeared on the OpenSea blog.

https://ift.tt/le6jf8o

Baca juga

• Upcoming Drops: October 24-30
• Abbott and Costello have immortalized their legacy as NFTs
• Telegram gears up to launch its on-board Web3 marketplace