Millions of OpenSea user emails leaked in 2022 now fully public

Millions of email addresses stolen in the 2022 OpenSea data breach have been publicly leaked by hackers. 

Cybersecurity experts warn that this disclosure has created more channels for phishing scams. 

OpenSea data breach in 2022

In June 2022, OpenSea found that an employee of its email automation vendor, Customer.io, revealed over seven million customer email addresses to an unauthorized party. 

“If you have shared your email with OpenSea in the past, you should assume you were impacted. We are working with Customer.io in their ongoing investigation, and we have reported this incident to law enforcement,” OpenSea said at the time.  

Though the data breach happened years ago, the exposed email addresses were not publicly available until 2024. However, things got worse when the hacked data was made available online. This month, the hacked data was widely circulated online, making it accessible to anyone on the internet. 

SlowMist’s pseudonymous Chief Information Security Office, 23pds, claimed the leaked data includes email addresses for renowned industry experts, businesses, and key opinion leaders. 

“Previously, it was not made public. Now all the leaked data has been made public in its entirety and is available to anyone who wants it,” 23pds said in a recent interview.

Implications of the data leak

The complete public disclosure of these email addresses has raised serious concerns for OpenSea users and the global crypto community. Scammers now have a wealth of information to launch phishing attacks, targeting individuals with emails that appear legal but are intended to steal important information.

Phishing is still one of the most damaging attack vectors. According to CertiK, approximately $1 billion in digital assets were stolen in just 296 attacks in 2024. These figures only relate to attacks reported by victims. With the large number of unreported incidents, the actual losses due to crypto-related security incidents may be substantially greater. 

23pds’ advice to prevent phishing attacks

Considering the huge amount of loss users suffered due to data breaches, 23pds disclosed prevention tips for staying secure and keeping your confidential data protected from unauthorized users and attackers. 

23pds has issued valuable suggestions for users who suspect their email has been compromised:

• It’s recommended to avoid using the same password on multiple platforms. 
• A password manager is necessary to securely store and manage your passwords.
• Enable authenticator apps such as Google Authenticator or Authy instead of simply using SMS-based 2FA. 
• Protect yourself from phishing emails by not clicking on links or downloading attachments from unknown senders. 
• Update the app to the latest software version to address security flaws that hackers may exploit. 

Land a High-Paying Web3 Job in 90 Days: The Ultimate Roadmap