In a blog post published late on June 29, OpenSea said that an employee of Customer.io had “misused their employee access to download and share email addresses – provided by OpenSea users and subscribers to our newsletter – with an unauthorized external party.”
The leaked information included email addresses, according to the blog post, and OpenSea warned users that this could result in a “a heightened likelihood for email phishing attempts.”
The company said customers should assume they have been impacted by the news if they had shared their email address with OpenSea in the past.
OpenSea added in the blog post that the company is assisting Customer.io with its own internal investigation, and that the incident has been reported to law enforcement.
Screenshots shared on Twitter show that OpenSea has also contacted customers by email to inform them about the breach.