OpenSea Has Reported A Data Leak
OpenSea, one of the leading NFT marketplaces, reported the data leak and recommended some of its users to change their API keys.
OpenSea emailed some of its users informing them of the third-party compromise and advising them to change their keys. The platform added that the generated API keys will have the same permissions and usage limits, while the old keys will expire on October 2.
OpenSea plans to rotate API keys following a third-party security incident, according to an email sent to affected users. Story to follow. pic.twitter.com/a7ef0bXDd3— Zack Abrams (@ZackDAbrams) September 23, 2023
OpenSea reassured its customers that the incident would not have an "immediate effect" on the user experience, but there is a risk of unauthorized tampering with users' allocated rates and usage limits.
OpenSea did not disclose the name of the compromised third party or other details regarding the incident. This case follows a similar incident. Last week, analyst firm Nansen reported the compromise of a Fortune 500 third party trusted by many major companies in the industry. Whether the OpenSea incident involved the same third party as the Nansen case is unknown.
OpenSea has experienced data leaks more than once. In June 2022, the email addresses of the platform's customers were leaked due to a mistake by a company employee. In May 2022, a Discord server was hacked, with fraudsters hosting a fake NFT mint. In October 2022, a critical exploit was found in one of the platform's smart contracts.