The tweet was deleted by the author.
But we saved everything 🙂.
Over 7 million email addresses and messages belonging to users of the NFT trading platform OpenSea have been leaked online. As a result, cybersecurity firm SlowMist, which discovered the breach, is urging users to strengthen their security measures.
The information about the leaked OpenSea user data was shared on social media platform X by SlowMist's chief information security officer, who goes by the pseudonym "23pds." He linked the incident to a June 2022 attack on OpenSea's email provider, which resulted in a data breach. However, until now, the leaked data—containing email addresses and messages from many prominent crypto entrepreneurs and influencers—had not been made publicly accessible.
With this data now available to any hacker group for phishing and fraud attempts, OpenSea users who believe their data may have been compromised are advised to take additional security precautions. These include creating strong, unique passwords and using a password manager for secure storage.
23pds also shared a screenshot with Cointelegraph showing a Telegram message with an attachment labeled “opensea.io_mail_list.rar,” allegedly containing 7 million records.
Screenshot of the Telegram post with email addresses embedded. Source: 23pds/SlowMist
OpenSea first disclosed the data breach on June 29, 2022, explaining that an employee of their email automation platform, Customer.io, had leaked a list of client email addresses to an external organization.
The company reported the incident to law enforcement and conducted an investigation. Over 2.5 years later, the breach had almost faded from public memory—until now.
As the cryptocurrency market experiences growth, sales of digital art and collectibles are also on the rise. OpenSea, the leading NFT marketplace during the 2021 boom, is regaining momentum.