OpenSea, a popular NFT marketplace, has cautioned its users against falling for phishing scams. According to the head of security, an employee of a third-party vendor exploited their access to OpenSea customers’ data.

Employees of collectibles platform OpenSea warned clients of a data breach after learning that email addresses had been shared with a third party.

Cory Hardman, OpenSea’s head of security, said in a blog post published on Wednesday that a Customer.io employee had abused their access by obtaining and sharing customer data outside of the organization. He stated:

“If you have shared your email with OpenSea in the past, you should assume you were impacted. We are working with Customer.io in their ongoing investigation, and we have reported this incident to law enforcement.”

Customers may be subjected to phishing attempts, in which fraudsters attempt to steal personal information by impersonating reputable businesses and using domain names similar to the official “opensea.io,” such as “opensea.org” or “opensae.io,” the NFT marketplace said.

OpenSea data breach. pic.twitter.com/FEtDKsoHje

— eric.eth (@econoar) June 30, 2022

Users of the platform have begun complaining about being bombarded with spam calls, emails, and texts.

My info was breached thanks to OpenSea and Customer io 😂 Lord Jeebus help me. I was wondering why I had so many spammy texts, phone calls, and emails lately. 🙄

— Metzilmazatl (Moon Deer)🪶🏳️‍🌈 (@TheAscendant3) June 30, 2022

Email data breaches in crypto firms have recently increased. As a result, bitcoin businesses must use Customer Relationship Management (CRM) software with prudence.

Earlier this year data leak of another CRM system, Hubspot, resulted in an email data breach impacting users of Circle, NYDIG, BlockFi, and Swan Bitcoin. Names and phone numbers, in addition to emails, were sent to a third party following the theft.