OpenSea employee misuse of email causes chaos

OpenSea employee misuse of email causes chaos

https://techcrunch.com/2022/06/30/nft-opensea-data-breach/

Exploit: Insider Threat
OpenSea: Non-Fungible Token Marketplace

risk-to-business-img-r1

Risk to Business: 1.903 = Severe

NFT giant OpenSea has had a data breach caused by an employee at a third-party service provider misusing their access to data. OpenSea announced last week that an employee of email vendor Customer.io, misused their employee access to download and share email addresses of OpenSea’s users and newsletter subscribers with an unauthorized external party. Customer.io told TechCrunch that the culprit was likely an employee who abused their role-specific access privileges and that no other company’s data was involved in this incident.

img2-Three-Affiliated-Tribes-servers

Individual Risk:

No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Customers’ Business: Finance sector organizations have been at the top of the cybercriminal hit list, especially crypto-related entities.

Risk Levels:
1 - 1.5 = Extreme Risk
1.51 - 2.49 = Severe Risk
2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.