NFT marketplace OpenSea warned customers of potential phishing scams after an employee of Portland-based Customer.io shared email addresses of OpenSea users and newsletter subscribers with "an unauthorized external party.”
OpenSea and Customer.io are investigating what happened. The Portland company has determined the employee involved with sharing the information and has removed access privileges and suspended the employee, the company said.
Here’s the full statement from Customer.io, which makes software to help companies automate customer interactions across email, push notifications, text message and other messaging applications:
“As soon as we learned of the incident, we took immediate steps to investigate, contain its impact and determine its source, including hiring a third-party forensic investigations firm. We are working closely with OpenSea and are reviewing exactly how these email addresses were compromised. We believe this resulted from the actions of an employee who had role-specific access privileges that were abused. We do not believe any other clients’ data has been compromised, but we are continuing to investigate. The employee in question has had all access removed and has been suspended pending the conclusion of our investigation. Additionally we are always working to improve our security and we have launched a comprehensive review of our access & compliance policies and will make adjustments where necessary.”
OpenSea is one of the main marketplaces to purchase NFTs, non-fungible tokens that are digital assets that exist on the blockchain. According to TechCrunch, 1.8 million users have made a purchase on OpenSea.
Phishing scams have emerged as ways to steal NFTs by fooling people into sending their NFTs to someone else. Earlier this year, OpenSea had a high-profile incident that was tied to phishing, according to The Verge.
Customer.io is one of the fastest growing companies in the region. It has 175 employees and a two-year revenue growth rate of 145.7%.