the NFT titan is the victim of a security breach
The NFT giant OpenSea warns some of its users. Some investors are in fact affected by a security breach encountered by one of the suppliers of the non-fungible token sales platform. OpenSea recommends affected customers take precautions.
OpenSea, a leading non-fungible token (NFT) marketplace, announces that it has been the victim ofa security breach. In an email addressed to some of its users, the platform reveals that one of its third-party providers suffered from a “security incident that may have exposed information” sensitive, namely API keys. OpenSea does not specify the identity of the partner who was targeted by an attack.
The API key, or programming interface key, allows an application or online service to access specific features or data on an OpenSea server. It allows the platform to be connected to external services, while securing access. These services can retrieve information about NFTs issued on the blockchain, such as the number of offers or related transactions, OpenSea indicates on its site.
Also read: 95% of NFTs no longer have any value, and that’s a good thing
OpenSea’s request to affected customers
The incident does not affect the operation of programs that rely on an API key to function. On the other hand, the disclosure of the keys of certain users could lead to improper use from malicious individuals. De facto, OpenSea may have to limit the flow and use of keys, which would penalize users.
As a precautionary measure, OpenSea recommends that users delete their current key and generate a new one. The marketplace plans, for security reasons, to deactivate all existing keys as soon as October 2, 2023. This measure will ensure that a third party does not use an API key stolen from a user.
OpenSea did not disclose how many users were affected by the incident. Likewise, the platform does not specify whether other data, such as personal information, could have been stolen in the process.
A story that repeats itself
This is not the first time that OpenSea has faced a security problem. Last year, the platform revealed that the email addresses of its users had been leaked online. The marketplace then warned its users against phishing messages aiming to steal their NFT collection.
Here again, it was one of OpenSea’s partners who was at the origin of the leak. An employee of the “email delivery provider” had indeed abused the system “to upload and share email addresses”.
Source :
TheBlock
