Major non-fungible token marketplace OpenSea has confirmed being hit by a widespread data breach that resulted in the exposure of users' and newsletter subscribers' email addresses, TechCrunch reports.
OpenSea noted that the breach has stemmed from credential misuse by an employee at its email vendor Customer.io.
"If you have shared your email with OpenSea in the past, you should assume you were impacted," said OpenSea, which reiterated ongoing investigation with Customer.io regarding the incident that has already been reported to law enforcement.
Meanwhile, Customer.io emphasized that no other client data is believed to have been compromised in the incident.
"The employee in question has had all access removed and has been suspended pending the conclusion of our investigation," a Customer.io spokesperson said.
OpenSea's email breach comes amid increasing cyberattacks aimed at cryptocurrency startups. BlockFi, Circle, and other cryptocurrency firms have been impacted by a data breach at HubSpot in March, while $625 million have been stolen from the hack of the Ronin blockchain network.
Microsoft credentials targeted new phishing attacks with RPMSG files New phishing attacks involving compromised Microsoft 365 accounts and encrypted restricted permission message, or RPMSG, files, are being leveraged by threat actors to facilitate the stealthy exfiltration of Microsoft credentials, according to BleepingComputer.
BleepingComputer reports that some Barracuda Email Security Gateway instances have been compromised in attacks exploiting a zero-day vulnerability, which has already been patched in security updates issued over the weekend.
Numerous sectors including government, financial services, media, manufacturing, transportation, and utilities have been targeted by the large-scale credential phishing campaign leveraging the SuperMailer newsletter distribution app, which has expanded by twofold monthly since January, according to SecurityWeek.